08-02-2015 03:30 AM - edited 03-10-2019 10:57 PM
hi,
who can explain me the function of inline posture node ? what feature are linked to to this type of node ?
Solved! Go to Solution.
08-02-2015 05:13 PM
That's correct, assuming it's Cisco's flavor of CoA (which relies in part on RADIUS A-V pairs which use Cisco's Vendor-Specific Attributes or VSAs).
A third party NAD can support standards-based CoA (via RFCs 3576 and 5176) and not necessarily work with ISE. Aerohive is one such example that I know of.
08-02-2015 06:45 AM
The IPN is a node that is used to provide a subset of services (posture assessment and enforcement) for RADIUS clients communicating via a network access device that does not support the normal Cisco Change of Authorization (CoA) or Web redirection methods.
The most common use case was inline with a Cisco ASA running code prior to 9.2(1). That's what's shown here in the ISE Admin Guide.
With 9.2(1) or later the ASA can be used natively with ISE per this guide.
08-02-2015 02:12 PM
So, if i understand correctly, all device like WLC, ASA, SWITCH that support natively CoA do not need an IPN node.
right....?
08-02-2015 05:13 PM
That's correct, assuming it's Cisco's flavor of CoA (which relies in part on RADIUS A-V pairs which use Cisco's Vendor-Specific Attributes or VSAs).
A third party NAD can support standards-based CoA (via RFCs 3576 and 5176) and not necessarily work with ISE. Aerohive is one such example that I know of.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide