02-15-2012 01:24 AM - edited 03-10-2019 06:49 PM
Hi,
I was looking into Cisco ISE solution for deploying NAC.
I have a question about the network topology.
In the user guide documents of cisco ISE, it is written that for Wireless LAN Controllers (WLC) and VPN devices, an additional server, Inline Posture, is needed.
However, in the following integration document, there is not an inline posture between WLC and Cisco ISE server.
https://supportforums.cisco.com/docs/DOC-18121
I want to know if Inline Posture is a requirement, if not a requirement, what are the benefits of having it between Cisco ISE Server and WLC.
Thanks & Regards
Sinan
02-18-2012 11:51 AM
When doing posture assesment, ISE Needs to send information ack to the network device to change parameters, for example vlan change. In switches this is done with CoA, an extention to the radius protocol.
WLC doesnt support CoA as of v7.1.
Sent from Cisco Technical Support iPad App
02-19-2012 02:22 PM
Later versions of WLC do support COA. There are versions currently shipping that do support COA
09-17-2013 06:13 PM
Hello,
Please go through below mentioned links which might be helpful for you.
http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_ipep_deploy.html
http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_deploy.html
Best Regards,
09-23-2013 05:45 AM
An Inline Posture node is a gatekeeper that enforces access policies and handles change of authorization (CoA) requests.
following link "Cisco Identity Services Engine Network Component Compatibility, Release 1.2" Lists NAD that support "Session CoA"
http://www.cisco.com/en/US/docs/security/ise/1.2/compatibility/ise_sdt.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide