https://community.cisco.com/t5/network-access-control/ise-with-ip-source-guard/m-p/3594572#M538387 <HTML><HEAD></HEAD><BODY><P><A href="http://www.ciscopress.com/articles/article.asp?p=1181682&amp;seqNum=7">IP Source Guard</A><SPAN style="font-size: 10pt;"> is a security feature on Cisco IOS switches but not on ISE so you should consult with the support and product teams on Cisco IOS switch platforms. There is no report on its conflicting with DOT1X so it should be safe to use.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;"><A href="http://packetlife.net/blog/2009/may/25/ip-source-guard-without-dhcp/">IP source guard without DHCP - PacketLife.net</A></SPAN><SPAN style="font-size: 10pt;"> shows it requires DHCP snooping enabled for static IP addresses.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P></BODY></HTML> Sun, 03 Jul 2016 20:49:28 GMT hslai 2016-07-03T20:49:28Z https://community.cisco.com/t5/network-access-control/ise-with-ip-source-guard/m-p/3594571#M538386 <HTML><HEAD></HEAD><BODY><P>Are <SPAN style="font-size: 10pt; line-height: 1.5em;">there are best practices around using ISE with source-guard, since source-guard will apply a port ACL, what do we recommend in terms of deployment in these cases?</SPAN></P></BODY></HTML> Thu, 30 Jun 2016 19:15:26 GMT https://community.cisco.com/t5/network-access-control/ise-with-ip-source-guard/m-p/3594571#M538386 jaosgood 2016-06-30T19:15:26Z https://community.cisco.com/t5/network-access-control/ise-with-ip-source-guard/m-p/3594572#M538387 <HTML><HEAD></HEAD><BODY><P><A href="http://www.ciscopress.com/articles/article.asp?p=1181682&amp;seqNum=7">IP Source Guard</A><SPAN style="font-size: 10pt;"> is a security feature on Cisco IOS switches but not on ISE so you should consult with the support and product teams on Cisco IOS switch platforms. There is no report on its conflicting with DOT1X so it should be safe to use.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;"><A href="http://packetlife.net/blog/2009/may/25/ip-source-guard-without-dhcp/">IP source guard without DHCP - PacketLife.net</A></SPAN><SPAN style="font-size: 10pt;"> shows it requires DHCP snooping enabled for static IP addresses.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P></BODY></HTML> Sun, 03 Jul 2016 20:49:28 GMT https://community.cisco.com/t5/network-access-control/ise-with-ip-source-guard/m-p/3594572#M538387 hslai 2016-07-03T20:49:28Z https://community.cisco.com/t5/network-access-control/ise-with-ip-source-guard/m-p/3840842#M538388 <P>Hi Hsai,</P><P>&nbsp;</P><P>To stop mac spoofing normally recommendation is to enable Dynamic Arp inspection and IP source guard.&nbsp;</P><P>&nbsp;</P><P>1)Will there be any issue to function ISE with dot1x ,if we enable above DAI and source guard.</P><P>&nbsp;</P><P>2) Do we really need to enable DAI and Source guard ,in a ISE enabled environment. Can't ISE itself detect mac spoofing</P> Thu, 18 Apr 2019 06:47:51 GMT https://community.cisco.com/t5/network-access-control/ise-with-ip-source-guard/m-p/3840842#M538388 hasitha siriwardhana 2019-04-18T06:47:51Z