Cisco Employee

ISE and Infoblox Integration

Hi Team,

 

Could you please help me clarify a few points with ISE 2.4 to pxGrid integration with Infoblox 8.3? In one of our deployments with initial configuration we see 2 subscribers attached to the Grid:

  • infoblox_client_subscribe_... with Core and SessionDirectory capabilities 
  • infoblox_client_publish_.... with Core capability only

1. Which one of the above is expected to issue the EPS quarantine events and should be placed in the "EPS" client group (none of the two has "EndpointProtectionService" listed in the capabilities)?

 

2. The note in the ISE 2.2 integration guide states that "Cisco ISE 2.2 does not support any IPAM and DHCP information". Has this changed in ISE 2.4 - can ISE consume these attributes?


3. Does (and if so, how) ISE 2.4 consume "Network Insight" sourced information?

  • Would ISE create endpoints based on Infoblox provided data (seems not feasible as I don't see MAC in attributes)? 
  • Would ISE enrich existing endpoints attributes? 
  • If above is true, can we use Infoblox sourced attributes in ISE profiling policies? 


 

4. Infoblox adds a few action groups: IPAM_Publish, DHCP_Publish etc... (don't have the exact names handy now). How should we assign these action groups to pxGrid subscribers in order to allow EPS and Infoblox attributes consumption on ISE?

 

Cheers,

Chris

 

 

 

 

Accepted Solutions
Cisco Employee

Re: ISE and Infoblox Integration

Hey Chris,

 

Email me directly and we can schedule a webex to discuss.

 

In the meanwhile, Infoblox DOES NOT send any information for ISE to consume.  Infoblox uses pxGrid 1.0 and DOES NOT use pxGrid 2.0.

 

Infoblox publishes the IPAM and DHCP tables, however, ISE DOES NOT CONSUME this information, this would be for ecosystem partners connected to the grid to subscribe to these topics.

 

Infoblox consumes session information from ISE via pxGrid to populate the Infoblox IPAM table information. This is achieved by Infoblox subscribing to the pxGrid sessiondirectory topic. Infoblox can also take mitigation actions on the endpoint by subscribing to the pxGrid EndpointProtection Service capability topic and is dependent on the Session:EPSStatus:Quarantine ISE authorization policy.

 

Thanks,

John

jeppich@cisco.com

 

 

 

 

 

Cisco Employee

Re: ISE and Infoblox Integration

Thanks John!