
Identity awareness - Access role based on MAC address

Question asked by Frederic Kasmirczak on Oct 19, 2017
Latest reply on Oct 19, 2017 by Tzvi Katz

Hello guys,


We have an Identity Collector connected to AD servers and ISE servers.


ISE is able to identify some devices based on their MAC address:


# pep show user all | grep 2e:23
:00000000; ad11a944  @xx:xx:xx:xx:2e:23                  xx.xx.xx.xx                , 00000000  -


# pdp monitor machine xx:xx:xx:xx:2e:23


Session:  ad11a944
Session UUID:  {D228D90A-0315-B8D8-29D1-B4DFAB3DF4F1}
Ip:  xx.xx.xx.xx
 xx:xx:xx:xx:2e:23 {5cce349d}
   Groups: -
   Roles: -
   Client Type: Identity Collector (Cisco ISE)
   Authentication Method: Trust
   Distinguished Name:
   Connect Time: Tue Oct 10 12:38:36 2017
   Next Reauthentication: Thu Oct 19 21:48:43 2017
   Next Connectivity Check: -
   Next Ldap Fetch: -


Packet Tagging Status:  Not Active
Published Gateways:  Local


Is there a way to create access roles / firewall rules based on those devices / MAC addresses?


When I try to create an access role based on the machine section, it seems to look up only in the AD directory.