https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/3890091#M471677 <P>Thanks John!</P> Mon, 15 Jul 2019 07:31:47 GMT Krzysztof Grabowski 2019-07-15T07:31:47Z https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/3886239#M471675 <P>Hi Team,</P> <P>&nbsp;</P> <P>Could you please help me clarify a few points with ISE 2.4 to pxGrid integration with Infoblox 8.3? In one of our deployments with initial configuration we see&nbsp;2 subscribers attached to the Grid:</P> <UL> <LI>infoblox_client_subscribe_... with Core and SessionDirectory capabilities&nbsp;</LI> <LI>infoblox_client_publish_.... with Core capability only</LI> </UL> <P>1. Which one of above is expected to issue the EPS quarantine events and should be placed in "EPS" client group (non of the two has "EndpointProtectionSevice" listed in the capabilities)?</P> <P>&nbsp;</P> <P>2. The note in the ISE 2.2 integration guide states that " Cisco ISE 2.2 does not support any IPAM and HCP information". Has this changed in ISE 2.4 - can ISE consume these attributes?&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 498px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/40363i5EDCAA89BB967172/image-dimensions/498x115?v=v2" width="498" height="115" role="button" title="image.png" alt="image.png" /></span></P> <P>3. Does (and if so, how) ISE 2.4 consume "Network Insight" sourced information?</P> <UL> <LI>Would ISE create endpoints based on Infoblox provided data (seems not feasible as I don't see MAC in attributes)?&nbsp;</LI> <LI>Would ISE enrich existing endpoints attributes?&nbsp;</LI> <LI>If above is true, can we use Infoblox sourced attributes in ISE profiling policies?&nbsp;</LI> </UL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 639px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/40362iE7B150B80A98890C/image-dimensions/639x372?v=v2" width="639" height="372" role="button" title="image.png" alt="image.png" /></span></P> <P>&nbsp;</P> <P>4. Infoblox adds a few action groups: IPAM_Publish, DHCP_Publish etc... (don't have the exact names handy now). How should be assign these action groups to pxGrid subscribers in order to allow EPS and Infoblox attributes consumption on ISE?&nbsp;</P> <P>&nbsp;</P> <P>Cheers,</P> <P>Chris</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 08 Jul 2019 11:58:53 GMT https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/3886239#M471675 Krzysztof Grabowski 2019-07-08T11:58:53Z https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/3889756#M471676 <P>Hey Chris,</P> <P>&nbsp;</P> <P>Email me directly and we can schedule a webex to discuss.</P> <P>&nbsp;</P> <P>In the meanwhile, Infoblox DOES NOT send any information for ISE to consume. &nbsp;Infoblox uses pxGrid 1.0 and DOES NOT use pxGrid 2.0.</P> <P>&nbsp;</P> <P>Infoblox publishes the IPAM and DHCP tables, however, ISE DOES NOT CONSUME this information, this would be for ecosystem partners connected to the grid to subscribe to these topics.</P> <P>&nbsp;</P> <P>Infoblox consumes session information from ISE via pxGrid to the to populate the Infoblox IPAM table information. This is achieved by Infoblox subscribing to the pxGrid sessiondirectory topic. &nbsp;Infoblox can also take mitigation actions on the endpoint by subscribing to the pxGrid EndpointProtection Service capability topic and is dependent on the Session:EPSStatus:Quarantine ISE authorization policy.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>John</P> <P>jeppich@cisco.com</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 13 Jul 2019 22:26:02 GMT https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/3889756#M471676 jeppich 2019-07-13T22:26:02Z https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/3890091#M471677 <P>Thanks John!</P> Mon, 15 Jul 2019 07:31:47 GMT https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/3890091#M471677 Krzysztof Grabowski 2019-07-15T07:31:47Z https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/4118564#M561692 <P>John and Community,</P><P>&nbsp;</P><P>Wondering if anyone has experience moving to 2.6p2 with Infoblox solution? We are considering moving a client from 2.4 to 2.6p2 which is a trusted rev we have many clients on. Any items we should watch out for as we move to more recent code with regard to PXGrid / Infoblox? We will, of course, be updating the lab first, but know Infoblox has some set requirements, and can't find any compatibility details.&nbsp;</P><P>&nbsp;</P><P>I just saw 2.7p1 is now blessed as well and sounds like that has good metrics as well.&nbsp;</P><P><BR />Thank you for your time in advance.</P> Tue, 14 Jul 2020 16:34:14 GMT https://community.cisco.com/t5/network-access-control/ise-and-infoblox-integration/m-p/4118564#M561692 RockstarWiFi 2020-07-14T16:34:14Z