07-19-2017 05:26 PM
Hello,
We are planning to deploy Cisco ISE to vlan assignment by MAC authentication.
But we also would like to assign vlan by windows client's health status.
We already have client health(virus engine, required programs) check program for NAP/NPS and We are using it in HQ.
Is it possible to use client health information for Cisco ISE?
(We can customize our client health check program if there are things like SDK for Cisco ISE. )
Thank you!
Solved! Go to Solution.
07-20-2017 03:33 PM
Yes, we can assess the client's health (Anti-virus software / signatures, required programs / files) and control access to them. You'll need the Cisco AnyConnect agent to be able to do this. Details here:
Microsoft NAP/NPS is End-of-Life and if you still want to use it, then you can proxy ISE to the microsoft services, such that the compliance status can be shared with ISE for authorization.
Cheers!
-Hari
07-20-2017 03:33 PM
Yes, we can assess the client's health (Anti-virus software / signatures, required programs / files) and control access to them. You'll need the Cisco AnyConnect agent to be able to do this. Details here:
Microsoft NAP/NPS is End-of-Life and if you still want to use it, then you can proxy ISE to the microsoft services, such that the compliance status can be shared with ISE for authorization.
Cheers!
-Hari
07-20-2017 05:14 PM
Thank you for your reply!
I'll have a look for it.
Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide