cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
907
Views
0
Helpful
2
Replies

ISE 2.2 Posture Bypass

Andy Guley
Level 1
Level 1

My ISE environment is doing posture.  One of the posture requirements is that the computer must be on the domain.  We are checking for a certain registry entry to confirm that the machines are on the domain.

 

I have a use case where we have a handful of laptops that are not on our domain but we want them to be able to use the corporate network just like any other user.  Is there a way I can put a bypass in based on MAC address so these laptops don't have to be on the domain?

 

Thanks

 

 

1 Accepted Solution

Accepted Solutions

Nidhi
Cisco Employee
Cisco Employee

I suggest you refer the prescriptive deployment guide here - Posture Prescriptive Deployment Guide

Thanks,

Nidhi

View solution in original post

2 Replies 2

Mike.Cifelli
VIP Alumni
VIP Alumni
There are several ways you can approach this. One way you can accomplish this is by setting up your Client Provisioning Policy 'other conditions' to match on an external source (AD) or internal endpoint groups. This would force posture assessment on your known assets and other assets would bypass the policy therefore not need to be scanned. HTH!

Nidhi
Cisco Employee
Cisco Employee

I suggest you refer the prescriptive deployment guide here - Posture Prescriptive Deployment Guide

Thanks,

Nidhi

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: