Solved: ISE 2.4 questions

elapaz · ‎07-08-2018

Hello Experts,

Several questions:

1. How can we detect the existence of more then 1 NIC in the the endpoint?

2. How can we query endpoint like IP-Phone using SSH in order to allow access?

3. What fail-safe can we trigger in order to validate the health of the ISE deployment - other products offers trigger like "X number of endpoints was block during last 5 minutes which mean we have an issue"....

thank you,

Craig Hyps · ‎07-09-2018

1. AnyConnect Identity Extensions will communicate all interfaces to ISE over VPN. We also track via Posture process.

2. ISE does not query phones via SSH to enable access. ISE leverages basic authentication (for example, 802.1X from phone supplicant) or MAC authentication combined with profiling which can use passive methods to determine device type to restrict access to authorized phones.

3. ISE provides a number of health metrics and will communicate health in terms of latency, failed auth attempts, or server resources.

View solution in original post

Craig Hyps · ‎07-09-2018

1. AnyConnect Identity Extensions will communicate all interfaces to ISE over VPN. We also track via Posture process.

2. ISE does not query phones via SSH to enable access. ISE leverages basic authentication (for example, 802.1X from phone supplicant) or MAC authentication combined with profiling which can use passive methods to determine device type to restrict access to authorized phones.

3. ISE provides a number of health metrics and will communicate health in terms of latency, failed auth attempts, or server resources.