cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

152
Views
0
Helpful
1
Replies
Highlighted
Cisco Employee

Guest portals on ISE in PCI zone

Team, 

 

I have a customer that has PCI restrictions around hosting ISE guest portals in their PCI Zone. What are the best ways to address this? I would love to hear real world experiences. 

 

Ideas I have are 1) Separate PSN in a non PCI zone for guest portals 2) Fully separate ISE deployment for guest wireless. 

Everyone's tags (1)
1 REPLY 1
VIP Advisor

Re: Guest portals on ISE in PCI zone

Hi

I've few customers who have a dedicated ISE cluster for PCI zone serving dot1x and guest accesses.

Some have dedicated a specific interface for that zone but even if ise doesn't route or bridge traffic between interfaces, the whole cluster become in scope for PCI.

Based on my experience, to avoid including non pci architecture pieces in scope, add a dedicated ise installation and not bridging something you use for your users to pci otherwise your scope becomes bigger.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question