07-08-2019 04:58 AM
Hi Team,
Could you please help me clarify a few points with ISE 2.4 to pxGrid integration with Infoblox 8.3? In one of our deployments with initial configuration we see 2 subscribers attached to the Grid:
1. Which one of the above is expected to issue the EPS quarantine events and should be placed in the "EPS" client group (none of the two has "EndpointProtectionService" listed in the capabilities)?
2. The note in the ISE 2.2 integration guide states that "Cisco ISE 2.2 does not support any IPAM and DHCP information". Has this changed in ISE 2.4 - can ISE consume these attributes?
3. Does (and if so, how) ISE 2.4 consume "Network Insight" sourced information?
4. Infoblox adds a few action groups: IPAM_Publish, DHCP_Publish etc... (don't have the exact names handy now). How should we assign these action groups to pxGrid subscribers in order to allow EPS and Infoblox attributes consumption on ISE?
Cheers,
Chris
07-13-2019 03:26 PM
Hey Chris,
Email me directly and we can schedule a webex to discuss.
In the meanwhile, Infoblox DOES NOT send any information for ISE to consume. Infoblox uses pxGrid 1.0 and DOES NOT use pxGrid 2.0.
Infoblox publishes the IPAM and DHCP tables, however, ISE DOES NOT CONSUME this information, this would be for ecosystem partners connected to the grid to subscribe to these topics.
Infoblox consumes session information from ISE via pxGrid to populate the Infoblox IPAM table information. This is achieved by Infoblox subscribing to the pxGrid sessiondirectory topic. Infoblox can also take mitigation actions on the endpoint by subscribing to the pxGrid EndpointProtection Service capability topic and is dependent on the Session:EPSStatus:Quarantine ISE authorization policy.
Thanks,
John
jeppich@cisco.com
07-15-2019 12:31 AM
Thanks John!
07-14-2020 09:34 AM
John and Community,
Wondering if anyone has experience moving to 2.6p2 with Infoblox solution? We are considering moving a client from 2.4 to 2.6p2 which is a trusted rev we have many clients on. Any items we should watch out for as we move to more recent code with regard to PXGrid / Infoblox? We will, of course, be updating the lab first, but know Infoblox has some set requirements, and can't find any compatibility details.
I just saw 2.7p1 is now blessed as well and sounds like that has good metrics as well.
Thank you for your time in advance.