05-31-2018 01:38 AM
Dear All,
I am new to ISE and we are deploying ISE 2.3 in our environment. We have an employee SSID on which we are trying to do posturing.I have following queries:
1. If a client is not compliant then is it possible to put that client in a remediation zone/quarantine zone where he will first remediate by updating critical updates from SCCM and some other policies. Will that client have a separate subnet in remediation zone? How to achieve this?
Solved! Go to Solution.
05-31-2018 02:56 PM
Yes this is possible by returning in an authorization profile the name (preferred) or number of another VLAN
https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-authorization-profile/td-p/2025137
Recommendation is to use Scalable group tags and segmentation instead of VLAN changes.
05-31-2018 02:56 PM
Yes this is possible by returning in an authorization profile the name (preferred) or number of another VLAN
https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-authorization-profile/td-p/2025137
Recommendation is to use Scalable group tags and segmentation instead of VLAN changes.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: