Enforce permit-ACL rules for endpoints

blackbird_bb
Level 1

Hi there,

We aim to enforce permit-ACL rules for each asset (endpoint device like a printer) using Cisco ISE version 3.0.

We have done the following steps:

  1. We have created an asset as an endpoint on ISE using its MAC address.
  2. We have created the corresponding ACL rules as Downloadable ACL (dACL) / TrustSec SGACL on ISE.


What is unclear to us is how to enforce these rules on the network, specifically for the asset (endpoint), or at least on the port of the network switch to which this asset is connected. Is there any documentation that explains how to perform this task?

2 Replies

Saurabh Dhakate
Cisco Employee

ISE Profiling is the best option for your use case. Please refer to this doc for more information: https://community.cisco.com/t5/security-documents/ise-profiling-design-guide/ta-p/3739456

@blackbird_bb, using a dACL, enforcement is local to the switch the endpoint is connected to and is simpler to implement, compared to TrustSec SGACL, which is more complex to implement and support.

How big is your network? What switches do you have?

Refer to this ISE Segmentation strategy guide for more information.

https://community.cisco.com/t5/security-documents/segmentation-strategy/ta-p/3757424
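As an added illustration of the dACL path both replies point to (this is not configuration from the thread, from the linked guides, or from Cisco), below is the switch side that turns a per-endpoint dACL on ISE into enforcement on the port the printer is plugged into: the port authenticates the printer by MAC Authentication Bypass (MAB) against ISE, ISE matches the MAC's endpoint identity group in an authorization rule and returns an authorization profile carrying the dACL, and the switch applies that ACL to the session. The ISE address, shared secret, interface, VLAN, dACL name and the dACL contents are all assumed values; the syntax is IOS 15-style, with the IOS-XE 16.x differences noted in comments.

```cisco
! Added example, not from this thread or Cisco documentation.
! Assumed values: ISE PSN at 10.0.0.10, shared secret "ise-secret",
! printer on GigabitEthernet1/0/5 in VLAN 20, ISE dACL named PRINTER-DACL
! returned by an authorization profile whose rule matches the endpoint
! identity group the printer's MAC was statically assigned to.
!
! --- 1. AAA and RADIUS toward ISE ---
aaa new-model
aaa authentication dot1x default group ISE-GROUP
aaa authorization network default group ISE-GROUP
aaa accounting dot1x default start-stop group ISE-GROUP
!
radius server ISE-PSN
 address ipv4 10.0.0.10 auth-port 1812 acct-port 1813
 key ise-secret
!
aaa group server radius ISE-GROUP
 server name ISE-PSN
!
! The dACL name arrives in the Access-Accept as a Cisco vendor-specific
! attribute; without VSA support the switch ignores it.
radius-server vsa send authentication
radius-server vsa send accounting
!
! dACL entries are written with "any" as the source; the switch substitutes
! the endpoint's IP, which it learns via device tracking (IOS 15 syntax;
! on IOS-XE 16.x use "device-tracking policy" plus
! "device-tracking attach-policy" on the interface instead).
ip device tracking
!
! Global 802.1X enable is required even for a MAB-only port.
dot1x system-auth-control
!
! --- 2. The access port the printer is connected to ---
interface GigabitEthernet1/0/5
 description Printer - MAB with ISE dACL
 switchport mode access
 switchport access vlan 20
 authentication host-mode single-host
 authentication port-control auto
 authentication order mab dot1x
 authentication priority dot1x mab
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
! --- 3. Assumed content of the dACL on ISE (Policy > Policy Elements >
!        Results > Downloadable ACLs); "any" on the source side means
!        "this endpoint" once the switch applies it ---
!   permit udp any eq bootpc any eq bootps
!   permit udp any host 10.0.0.53 eq domain
!   permit tcp any 10.10.0.0 0.0.255.255 eq 9100
!   deny ip any any
!
! --- 4. Verify on the switch once the printer sends traffic ---
!   show authentication sessions interface GigabitEthernet1/0/5 details
!     (newer IOS-XE: show access-session interface GigabitEthernet1/0/5 details)
!     Expect "Method: mab", "Status: Authorized" and an "ACS ACL:" line
!     naming an ACL of the form xACSACLx-IP-PRINTER-DACL-<hash>.
!   show ip access-lists
!     The downloaded ACL appears with the printer's IP substituted for "any".
!   On ISE: Operations > RADIUS > Live Logs shows the MAB authentication
!     and which authorization profile (and therefore dACL) was returned.
```

Two points worth keeping in mind when using this. First, MAB trusts the source MAC, so anyone who spoofs the printer's MAC on another MAB port gets the same session; the dACL is the real control, so write it as tightly as the printer's traffic allows (management and print ports only, explicit deny at the end) rather than relying on the identity alone. Second, as the reply above notes, the dACL lives only on the switch the endpoint is connected to: moving the printer to another switch works only if that switch is also configured as a RADIUS client of ISE, and traffic from other hosts toward the printer is not covered by this ACL at all, which is where SGACLs or an ACL on the far side come in.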