10-29-2013 03:08 PM - edited 03-10-2019 09:02 PM
Hello All,
Question about Cisco ISE.
What a difference between EPS and using blacklist indentity group?
In which case it preferable to use EPS or Blacklisting?
Best regards,
10-30-2013 05:30 PM
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_eps.html
EPS:
Endpoint Protection Services (EPS) is a service that runs on the Cisco Identity Services Engine Administration node to extend the monitoring and controlling of endpoints. You can use EPS to monitor and change the authorization state of an endpoint without having to modify the overall Authorization Policy of the system. EPS supports both wired and wireless deployments.
Blacklist :
The Cisco ISE administrator can now "blacklist" wireless user devices that get "lost," or otherwise become unusable or are taken out of circulation, until the device is reinstated or is completely removed from the network. Cisco ISE removes "blacklisted" devices from the network, and they are not allowed on the network again until the device is reinstated. In order to set up the authorization policy in Cisco ISE, you also must ensure you add a compatible dynamic ACL on any associated network access devices in your deployment to manage these wireless users.
11-03-2013 08:35 AM
The Cisco ISE offers different ways to prevent a lost or stolen device from connecting to the network. The My Devices Portal allows the employee to mark a device as lost and prevent others from gaining unauthorized access with that device. In addition, if the device is connected to the network when the device is marked as lost, the ISE may issue a Change of Authorization (CoA) to force the endpoint off the network. The administrator is also able to blacklist a device and force the endpoint off the network. In addition, the administrator is able to use Endpoint Protection Services (EPS) to quarantine an endpoint from the network
Please check the below guide which may be helpful for you
11-06-2013 12:39 PM
Kindly check the following links for detail and configuration
http://cisco-images.test.edgekey.net/en/US/docs/security/ise/1.2/user_guide/ise_ug.pdf
http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_eps.html
http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_mydevices.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide