cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

92
Views
0
Helpful
2
Replies
Highlighted
Beginner

ISE 2.2 Posture Bypass

My ISE environment is doing posture.  One of the posture requirements is that the computer must be on the domain.  We are checking for a certain registry entry to confirm that the machines are on the domain.

 

I have a use case where we have a handful of laptops that are not on our domain but we want them to be able to use the corporate network just like any other user.  Is there a way I can put a bypass in based on MAC address so these laptops don't have to be on the domain?

 

Thanks

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE 2.2 Posture Bypass

I suggest you refer the prescriptive deployment guide here - Posture Prescriptive Deployment Guide

Thanks,

Nidhi

2 REPLIES 2
Enthusiast

Re: ISE 2.2 Posture Bypass

There are several ways you can approach this. One way you can accomplish this is by setting up your Client Provisioning Policy 'other conditions' to match on an external source (AD) or internal endpoint groups. This would force posture assessment on your known assets and other assets would bypass the policy therefore not need to be scanned. HTH!
Cisco Employee

Re: ISE 2.2 Posture Bypass

I suggest you refer the prescriptive deployment guide here - Posture Prescriptive Deployment Guide

Thanks,

Nidhi