ISE and Infoblox Integration

Krzysztof Grabowski
Cisco Employee

Hi Team,

 

Could you please help me clarify a few points with ISE 2.4 to pxGrid integration with Infoblox 8.3? In one of our deployments with initial configuration we see 2 subscribers attached to the Grid:

  • infoblox_client_subscribe_... with Core and SessionDirectory capabilities 
  • infoblox_client_publish_.... with Core capability only

1. Which one of the above is expected to issue the EPS quarantine events and should be placed in the "EPS" client group (none of the two has "EndpointProtectionService" listed in the capabilities)?

 

2. The note in the ISE 2.2 integration guide states that "Cisco ISE 2.2 does not support any IPAM and DHCP information". Has this changed in ISE 2.4 - can ISE consume these attributes?

3. Does (and if so, how) ISE 2.4 consume "Network Insight" sourced information?

  • Would ISE create endpoints based on Infoblox provided data (seems not feasible as I don't see MAC in attributes)? 
  • Would ISE enrich existing endpoints attributes? 
  • If above is true, can we use Infoblox sourced attributes in ISE profiling policies? 


 

4. Infoblox adds a few action groups: IPAM_Publish, DHCP_Publish etc... (don't have the exact names handy now). How should we assign these action groups to pxGrid subscribers in order to allow EPS and Infoblox attributes consumption on ISE?

 

Cheers,

Chris

 

 

 

 


Accepted Solutions

jeppich
Cisco Employee

Hey Chris,

 

Email me directly and we can schedule a webex to discuss.

 

In the meanwhile, Infoblox DOES NOT send any information for ISE to consume. Infoblox uses pxGrid 1.0 and DOES NOT use pxGrid 2.0.

 

Infoblox publishes the IPAM and DHCP tables; however, ISE DOES NOT CONSUME this information. This would be for ecosystem partners connected to the grid to subscribe to these topics.

 

Infoblox consumes session information from ISE via pxGrid to populate the Infoblox IPAM table information. This is achieved by Infoblox subscribing to the pxGrid sessiondirectory topic. Infoblox can also take mitigation actions on the endpoint by subscribing to the pxGrid EndpointProtection Service capability topic and is dependent on the Session:EPSStatus:Quarantine ISE authorization policy.

 

Thanks,

John

jeppich@cisco.com

 

 

 

 

 


3 Replies

Thanks John!

John and Community,

 

Wondering if anyone has experience moving to 2.6p2 with the Infoblox solution? We are considering moving a client from 2.4 to 2.6p2, which is a trusted rev we have many clients on. Any items we should watch out for as we move to more recent code with regard to pxGrid / Infoblox? We will, of course, be updating the lab first, but know Infoblox has some set requirements, and can't find any compatibility details.

 

I just saw 2.7p1 is now blessed as well and sounds like that has good metrics as well. 


Thank you for your time in advance.
