12-23-2012 09:17 AM
I have two questions about ISE.
1- For a guest user, I will apply a policy so that if he didn't update the antivirus, he must update it. So for the downloadable ACL, which IP address will I open for it (all internet, or ISE will get the update and the user updates from ISE)?
2- For wireless, can we authenticate devices based on MAC and profiling?
08-19-2013 12:26 PM
1.) You will provide access to whatever system you are going to allow the user to access, to get a virus scanner, or an updated signature.
e.g. you must find some way of letting the user know, via the NAC deny, that they were denied due to Posture, and give them a link with steps to remediate.
e.g. "Sorry you failed posture for no Virus Scan, please download AVGFree, etc..."
ISE cannot "push" software to the user, it can only measure posture compliance on criteria you write in the authZ posture policy. The user will be required to physically go and retrieve the required app.
If you don't want to allow them out to do this, you can dump them into a QT VLAN, that has access to an internal server or DMZ host, which hosts the files for them.
04-12-2018 08:58 PM
In case you are using Cisco WLC or Meraki MR APs, then we should be able to set a wireless network (SSID) to MAB-based control, and use ISE for profiling and for authorization.