ISE 2.2 with 802.1x and PassiveID with Stealthwatch

schason@cisco.com
Cisco Employee

If a customer sets up ISE 2.2 with 802.1x auth with Active Directory but also enables PassiveID and pxGrid integration with Stealthwatch, how will Stealthwatch handle the potential duplicate information? Also, what if MAB is set up rather than full AD auth and they also configure PassiveID and Stealthwatch integration?

Accepted Solutions

Timothy Abbott
Cisco Employee

Scott,

I'm not sure how there could be duplicate entries. Could you provide an example? PassiveID entries are essentially a session just like a RADIUS session, which is then published to the sessions directory topic in pxGrid. MAB with AD auth via PassiveID is what we call EasyConnect. We take the RADIUS session from MAB and the PassiveID session from AD and merge them together.

Regards,

-Tim

In Stealthwatch, there is only 1 identity field. So if an endpoint uses MAB, the MAC will show up in that field. Same with PassiveID. So I could see how in Stealthwatch it would show up as 2 different identity entries for the one endpoint.

Scott Chason CISSP®

CONSULTING SYSTEMS ENGINEER.SECURITY SALES - Stealthwatch
