07-20-2019 03:56 PM
Hi Guys:
I'm new to ISE and now I have a good challenge: enabling a Posture module for a current environment with dot1x. My deal is that I have 30 authorization rules with the following syntax:
item 1 AD_group_A then applied VLAN_A
item 2 AD_group_B then applied VLAN_B
..
item 30 AD_group_30 then applied VLAN_30
After I read the Posture implementation guide, it says we need to create an authorization condition for posture status equal to "compliant" and "non-compliant". For this reason, I would like to know, in your experience, if there is a way to create 2 simple authorization rules on top of them, or if I must duplicate all Authz with compliant and non-compliant.
Thanks,
Jhony
07-20-2019 04:25 PM
In case the endpoints in your deployment are able to get new IP addresses after changing subnets, then it is possible to assign the endpoints to a common quarantine subnet before their posture statuses become compliant.
In case you need to keep separate subnets even during quarantine, or in case endpoints are unable to refresh IP addresses between unknown and compliant, please see whether we may store the VLAN ID or name as an AD user attribute. This way we might be able to assign the VLAN by the AD user attribute instead, in the authorization profiles, to aggregate the number of rules and profiles.
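The two suggestions in the reply above, modeled as first-match rule lists next to the fully duplicated policy. This is an added example, not part of the original posts and not ISE configuration syntax. The quarantine VLAN name, the `vlan_attr` field and the "full"/"limited" access labels are assumptions made for the model.

```python
# Added model of first-match authorization; names are hypothetical, not ISE syntax.
from dataclasses import dataclass
from typing import Optional

QUARANTINE = "VLAN_QUARANTINE"  # assumed name for the common quarantine VLAN
GROUP_VLANS = {f"AD_group_{i}": f"VLAN_{i}" for i in range(1, 31)}  # constructed

@dataclass
class Session:
    ad_group: str
    posture: str                     # "Compliant", "NonCompliant" or "Unknown"
    vlan_attr: Optional[str] = None  # assumed AD user attribute holding the VLAN name

def duplicated_rules():
    """Each group rule split into a compliant and a not-compliant copy."""
    rules = []
    for group, vlan in GROUP_VLANS.items():
        rules.append((lambda s, g=group: s.ad_group == g and s.posture == "Compliant",
                      lambda s, v=vlan: (v, "full")))
        rules.append((lambda s, g=group: s.ad_group == g,
                      lambda s: (QUARANTINE, "limited")))
    return rules

def quarantine_on_top_rules():
    """One posture rule placed above the unchanged group rules."""
    rules = [(lambda s: s.posture != "Compliant", lambda s: (QUARANTINE, "limited"))]
    for group, vlan in GROUP_VLANS.items():
        rules.append((lambda s, g=group: s.ad_group == g, lambda s, v=vlan: (v, "full")))
    return rules

def attribute_rules():
    """VLAN read from the AD attribute, so the endpoint keeps its subnet in quarantine."""
    return [
        (lambda s: bool(s.vlan_attr) and s.posture == "Compliant",
         lambda s: (s.vlan_attr, "full")),
        (lambda s: bool(s.vlan_attr), lambda s: (s.vlan_attr, "limited")),
    ]

def authorize(rules, session):
    """Return (vlan, access) from the first matching rule, or None to deny."""
    for matches, result in rules:
        if matches(session):
            return result(session)
    return None
```

In this model the posture rule on top also catches a non-compliant endpoint that belongs to none of the 30 groups, which the duplicated policy would deny, and the attribute-based policy denies any user whose attribute is empty.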