Solved: HTTP and HTTPS ports from users to the access switches

saghisha · ‎05-30-2019

Hi Team,

My customer is deploying ISE in their network, they have concerns in opening http and https between the users and the access switches. They would like to know what exactly do they loose if http and https are not opened between users and access switches.

Jason Kunst · ‎05-30-2019

The only time you need to open up http to the switches (https redirect not needed) is for redirection to do BYOD, Guest, Client provisioning (for posture - accept when using 2.2 and higher not required, see https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/210523-ISE-posture-style-comparison-for-pre-and.html )

See more information on redirect under the following guides
http://cs.co/ise-guest - look for the prescriptive guest guide

http://cs.co/ise-guides - look for the wired guide

View solution in original post

Mark Elsen · ‎05-30-2019

- None because regular users don't need access to the switches.

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Jason Kunst · ‎05-30-2019

The only time you need to open up http to the switches (https redirect not needed) is for redirection to do BYOD, Guest, Client provisioning (for posture - accept when using 2.2 and higher not required, see https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-22/210523-ISE-posture-style-comparison-for-pre-and.html )

See more information on redirect under the following guides
http://cs.co/ise-guest - look for the prescriptive guest guide

http://cs.co/ise-guides - look for the wired guide