02-13-2018 09:16 AM - edited 02-21-2020 10:45 AM
Dear All, I have a a question regarding ISE deployment.
Is it possible to have in the same network the following features all enabled;
1.RADIUS AAA, including 802.1x, MAC Authentication Bypass Done
2. Web authentication (local, central, device registration)
3. MACsec
4. SSO
5. Guest portal and sponsor services
6. Representational state transfer (monitoring) APIs
7. External RESTful services (CRUD)-capable APIs
8. Security group tagging
9. PassiveID (Cisco Subscribers)
10. Passive ID (Non-Cisco Subscribers)
11. Profiling
12. Profiler feed service
13. Device registration (My Devices portal) and provisioning for Bring Your Own Device (BYOD)
14. Context sharing pxGrid
15. Endpoint Protection Services
16. TrustSec – ACI Integration
17. Rapid Threat Containment (RTC) (using ANC and pxGrid)
18. Posture (endpoint compliance and remediation)
19. Enterprise Mobility Management and Mobile Device Management (EMM and MDM) integration
20. Threat Centric NAC
21. Wired access control
22. Device Administration (TACACS+)
Or are some of these feature mutually exclusive?
Thanks.
02-13-2018 09:42 AM
02-13-2018 09:56 AM
Thanks for your prompt response Mohammed and for bringing to mine best practice of having a multi-node setup which makes a lot of sense.
I am particularly interested in the combination of MACSec, SGT and Posture assessment for the same users. Are they all possible for the same user or mutually exclusive?
Regards,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: