cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

100
Views
5
Helpful
1
Replies
Cisco Employee

MAB required with Passive Identity for Identity Exchange Only ?

Hi,

I have a customer, whose only use-case for ISE-PIC is sending Identity information to Stealthwatch. In this case,

 

1. I assume that MAB will Not be required on the switch ?  And ISE can provide the session information received from AD connector to pxGrid subscribers.

OR

2. If it is required then what would be reason behind it ?

 

Thanks,

Naman

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: MAB required with Passive Identity for Identity Exchange Only ?

Combining MAB with passive ID for AD is generally called Easy Connect and it has two modes. Monitor mode where you simply make ISE learn username - IP mappings from the AD for context sharing purpose. And second mode where it can enforce based on passive identity which requires MAB. For ISE-PIC, only context sharing is supported.

1 REPLY 1
Cisco Employee

Re: MAB required with Passive Identity for Identity Exchange Only ?

Combining MAB with passive ID for AD is generally called Easy Connect and it has two modes. Monitor mode where you simply make ISE learn username - IP mappings from the AD for context sharing purpose. And second mode where it can enforce based on passive identity which requires MAB. For ISE-PIC, only context sharing is supported.