02-08-2015 08:14 PM - edited 03-10-2019 10:25 PM
Hi Experts,
Good day!
I just want to clarify if I can provide posture assessment in ISE 1.2 even if it is in standalone mode because some said I can but based on my understandings of ISE since 1.1.4, I need to convert it first to an IPN mode for it to provide posture assessment.
Please help, I'm a little bit confused.
thanks,
niks
02-09-2015 10:39 AM
IPN is only used if you don't have a switch or a wireless controller, that supports CoA and webauth redirect function, as required by ISE to do posture assesment. But to answer your question, IPN is a specific software bundle that you "upgrade" and ise node to, which maskes it an inline node, and can't be used without having another ISE node running the PAN/MNT roles.
02-09-2015 05:19 PM
Sorry but I'm a bit confused about your explanation, so you mean that a standalone ISE can't provide posture assessment unless I upgrade it with the required software?
02-09-2015 05:32 PM
No, ISE can do posture just fine, in "standalone" mode, it just requires you to use newer cisco networking equipment, ISE deployed as an IPN is used mainly for posture and guest redirect when you are not using Cisco networking equipment, or old equipment that doesn't support Coa and/or webauth redirect..
02-18-2015 06:52 AM
ISE standalone node can provide posture service, you need to make sure you have advanced license on ISE. IPN is for NAD that do not support COA.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_license.html
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0100.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide