Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Mac-Address Different format for Authorization on Cisco ISE

Dear All,

I have problem with my Cisco ISE,

This is the design :

ISE ---- Core Switch ---- 3Com Switch --- PC User

My Case:

Authorization is based on Mac-address and Active Directory,

But user with PC that connect to 3Com swtich is Deny by ISE because the Format Mac-address is different with Cisco,

Mac-address Cisco format :  XX:XX:XX:XX:XX:XX

Mac-address 3Com format :  XXXX-XXXX-XXXX

3Com Switch type is TRICOM 4210 26-PORT.

Anyone have experience with this? and how change the mac-address format in 3Com so user can authorized by Cisco ISE.

note:

authorization based on Active Directory is not problem with 3Com Switch.

Based on my experience, Different product is different format mac-address, so this case not only for 3Com Switch.

Thanks,

Arika Wahyono

1 ACCEPTED SOLUTION

Accepted Solutions

Mac-Address Different format for Authorization on Cisco ISE

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

8 REPLIES

Mac-Address Different format for Authorization on Cisco ISE

Hello. Authentication using "Mac address bypass" is not a standard feature. Every vendor does it differently. I don't think this could work, but even if this can be done the solution won't be realiable because it's not standard based.

Re:Mac-Address Different format for Authorization on Cisco ISE

Hi,

Please check the ise 1.2 release notes for support for mab with non cisco switches. Seems as if some functionality has been added.

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp354890


Sent from Cisco Technical Support Android App

Tarik Admani *Please rate helpful posts*
New Member

Mac-Address Different format for Authorization on Cisco ISE

Dear Tarik,

Are you sure with ise 1.2 my case will solved?

my current ISE is 1.1.2.145.

Thanks,

Arik

Cisco Employee

Mac-Address Different format for Authorization on Cisco ISE

Not sure because it is not listed in compatibility matrix list.

New Member

Mac-Address Different format for Authorization on Cisco ISE

Ravi,

Can you show me the compability matrix list?

Thanks,

Cisco Employee

Re: Mac-Address Different format for Authorization on Cisco ISE

Please find the attached Compatibility list

Mac-Address Different format for Authorization on Cisco ISE

I do not think Cisco will add these vendors to the supported switch matrix because then it would be a support issue that cisco would have to deal with, much like most of the AD issues I experienced when I worked in TAC. Your best bet would be to run the evaluation license instance in a lab and have a 3com switch point against that.

Other than that I do not recommend upgrading to 1.2 without validating that the new "multi-vendor" MAB support will work on your switch.

PS- Keep in mind that my comments is just my opinion so you may need to open a TAC case for an official answer.

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
Cisco Employee

Re: Mac-Address Different format for Authorization on Cisco ISE

Please find the attached Compatibility list

944
Views
0
Helpful
8
Replies
CreatePlease to create content