ASA/PIX, IDS, IPS, VPN, Cisco Secure ACS, AAA, ISE.
timaz
Senior Member
Posts:
265
Joined:
Sat May 31, 2008 2:25 pm

a Q regarding guest users and ISE

Fri Jan 06, 2017 3:16 am

Hi;

I configured ISE to redirect the guest users toward the Guest portal and everything works fine. But at the end, ISE adds the guest's MAC address to the local DB, so the second time the same person wants to access the network, its MAC address matches an authorization rule that I had created for known clients.

How can I prevent ISE from adding MAC addresses of guest users automatically to the internal MAB DB? Also, both of the "Automatically Register Guest Devices" and "Allow Devices To Register Devices" check boxes in the created Sponsor Guest Portal are disabled.
timaz

timaz

Re: a Q regarding guest users and ISE

Mon Jan 09, 2017 3:57 am

Due to the lack of response here, I'm going to post my own answer that I found by myself. Hope this helps someone else who needs this.

I was using a very comprehensive rule that matched most of the conditions. So I added a static EndPoint Group, placed my manually created known MAC addresses inside that group, and edited the condition part of the "Basic_Authenticated_Access" authz rule to contain just that EndPoint Identity Group. This time, every time a guest user wants to access the network, he goes through the whole process as expected.
timaz
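
A simplified model of the behaviour described in this thread, added here as an illustration; it is not ISE configuration and not code from the poster. The group names `Known_Clients` and `Guest_Learned`, the `Guest_Redirect` rule name, and the MAC addresses are constructed assumptions.

```python
# Model of first-match authorization over an endpoint store (not ISE code).
# Compares a broad "MAC is in the endpoint store" condition with a condition
# scoped to one static endpoint identity group, as described in the thread.

def norm(mac):
    """Normalize a MAC so aa-bb-cc..., aabb.ccdd... and AA:BB:CC... compare equal."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def broad_rule(store, mac):
    # Overly comprehensive condition: any endpoint the store has learned matches.
    return norm(mac) in store

def scoped_rule(store, mac):
    # Scoped condition: only endpoints placed in the static group match.
    return store.get(norm(mac)) == "Known_Clients"  # hypothetical group name

def authorize(store, mac, known_rule):
    # Rules are evaluated top-down; the first match wins.
    if known_rule(store, mac):
        return "Basic_Authenticated_Access"
    return "Guest_Redirect"  # hypothetical name for the guest portal rule

def guest_login(store, mac):
    # Behaviour reported in the thread: after the portal flow the guest's MAC
    # ends up in the endpoint store. It must not overwrite a static entry.
    store.setdefault(norm(mac), "Guest_Learned")  # hypothetical group name

def simulate(known_rule):
    """Return the matched rule for (guest visit 1, guest visit 2, known client)."""
    store = {norm("00:11:22:33:44:55"): "Known_Clients"}  # constructed entry
    guest = "aa-bb-cc-dd-ee-01"                           # constructed guest MAC
    first = authorize(store, guest, known_rule)
    guest_login(store, guest)
    second = authorize(store, "AABB.CCDD.EE01", known_rule)  # same MAC, other notation
    known = authorize(store, "0011.2233.4455", known_rule)
    return first, second, known

if __name__ == "__main__":
    print("broad :", simulate(broad_rule))
    print("scoped:", simulate(scoped_rule))
```

With the broad condition the guest's second visit matches the known-client rule; with the scoped condition the guest is sent through the portal flow each time while the statically listed client still matches.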
