
ISE 1.0 Posture and Client provisioning

skolkovo.cisco
Level 1

I've configured 802.1x with dynamic VLAN for users and MAB for phones - it works fine. Now I want to implement client provisioning and posture validation for users. After reading the ISE user guide there are still several big questions:

1. Is it possible to combine 802.1x and posture? (it was not recommended with NAC)

2. How can I bind existing 802.1x authorization profile and posture policy?

3. What is the switch configuration for client provisioning to work (redirect, quarantine zone, download NAC agent)?

4. Do ISE posture and client provisioning have L2 virtual gateway, trusted and untrusted ports, as in NAC?

1 Reply

Eduardo Aliaga
Level 4

With ISE you can perform 802.1x first and after that, optionally, you can perform posture. This is done with RADIUS, that's why it's really and completely out of band, and there's no such concept of a trusted or untrusted port because the traffic is never inline.

Still, with ISE you have another option of "inline Posture", in which there are trusted and untrusted ports. I guess that's for some specific cases in which you can't go out-of-band.

On the other hand, so-called "out-of-band" NAC was really always an inline solution; only after the user has authenticated and security policies have been verified does the user go "out-of-band".