https://community.cisco.com/t5/network-access-control/interface-templates-in-data-center/m-p/3467847#M519633 <HTML><HEAD></HEAD><BODY><P>Hi Arron,</P><P></P><P>Typically DC environments are secured physically, so this requirement doesn’t arise with many of our customers. We do support 802.1X on some of our DC switches, but that isn’t officially validated with ISE. For ISE to be able to deny unauthorized access, some sort of authentication is necessary. I suggest you consult the DC engineers get tips on how to do it with some sort of DC managers like DCNM or APIC controller.</P><P></P><P>~Hari </P></BODY></HTML> Wed, 22 Nov 2017 00:20:29 GMT hariholla 2017-11-22T00:20:29Z https://community.cisco.com/t5/network-access-control/interface-templates-in-data-center/m-p/3467846#M519632 <HTML><HEAD></HEAD><BODY><P>Hi team,</P><P></P><P>Customer has a requirement to stop people plugging into switches/servers with their laptop etc in the data center. </P><P></P><P>Customer currently uses ISE in branch locations with MAB (no dot1x). The requirement is less about authenticating users but more stopping anyone plugging in (there a physical controls like biometrics to get past) with a more centralised way of controlling the policy rather than things like port security (sticky MAC etc) as it's a higher administrative overhead. </P><P></P><P>Questions:</P><P></P><P>1. What would be a recommended way to lock down ports in a data center environment? Is ISE in the data center overkill here? </P><P></P><P>2. Will service or interface templates be something they could use here? </P><P></P><P>3. What do we at Cisco use in our DC environment?</P><P></P><P>Appreciate your thoughts.</P><P></P><P>Thanks,</P><P>Arron</P></BODY></HTML> Tue, 21 Nov 2017 16:43:37 GMT https://community.cisco.com/t5/network-access-control/interface-templates-in-data-center/m-p/3467846#M519632 kerai08 2017-11-21T16:43:37Z https://community.cisco.com/t5/network-access-control/interface-templates-in-data-center/m-p/3467847#M519633 <HTML><HEAD></HEAD><BODY><P>Hi Arron,</P><P></P><P>Typically DC environments are secured physically, so this requirement doesn’t arise with many of our customers. We do support 802.1X on some of our DC switches, but that isn’t officially validated with ISE. For ISE to be able to deny unauthorized access, some sort of authentication is necessary. I suggest you consult the DC engineers get tips on how to do it with some sort of DC managers like DCNM or APIC controller.</P><P></P><P>~Hari </P></BODY></HTML> Wed, 22 Nov 2017 00:20:29 GMT https://community.cisco.com/t5/network-access-control/interface-templates-in-data-center/m-p/3467847#M519633 hariholla 2017-11-22T00:20:29Z