topic Re: Location based data access in Network Access Control

Location based data access

tclausen1 — Thu, 20 Jun 2019 00:26:37 GMT

New to ISE and I'm specifically interested in capability mentioned in a video, but Google results aren't helping. Can someone tell me what features of ISE allow denial of access to a class of documents when a user is in a particular location or connected via VPN, which they would otherwise have access to while in the office? Is there a term for this type of control?

Many Thanks.

Re: Location based data access

Mohammed al Baqari — Thu, 20 Jun 2019 06:29:31 GMT

You need to integrate MSE with ISE for location based authorization. See
this document.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/200196-Location-based-authorization-with-Mobili.html

Re: Location based data access

tclausen1 — Thu, 20 Jun 2019 07:07:56 GMT

"The purpose is to allow or deny access to wireless device based on their physical location." Sorry, but this isn't what I'm describing.

One of Cisco's ISE videos dramatizes that "there is a policy that doesn't allow financial documents to be accessed from that country" while a user was traveling. I'd like to understand what technology allows that control. If it's what you've linked, I am missing where that is part of the capability.

Thanks.

Re: Location based data access

Jason Kunst — Thu, 20 Jun 2019 10:47:31 GMT

That’s what ise does inherently, you setup authorization rules that allow or deny access to certain resources in your network

Example if at locationX Switch then return certain authorization with ACLs be it IP acl or SGACL using SGT

I suggest you start with videos here to learn more about ISE
http://youtube.com/CiscoISE

Location based services with MSE aaa you said is not relevant to your ask. And this is old integration