Solved: ISE nac agent provisioning question

Jeppe Flensted · ‎08-04-2012

I have downloaded the nac agents and compliancy modules to the ISE, and configured the client provisioning rules. The user guide doesn't really explain the next steps very good.

I guess because User Identity Groups are used in the policy, the provisioning is used with webauth, is that correct?

Tarik Admani · ‎08-04-2012

Jeppe,

The client provisioning is done with any authentication method. Either via dot1x or webauth, it is the authorization policy that starts this process. You redirect your clients the client provisioning portal using the authorization policy. Then you determine which agent (web agent, nac agent, or no agent) via the client provisioning policy.

Hope that helps,

Tarik Admani
*Please rate helpful posts*

View solution in original post

Tarik Admani · ‎08-04-2012

Jeppe,

The client provisioning is done with any authentication method. Either via dot1x or webauth, it is the authorization policy that starts this process. You redirect your clients the client provisioning portal using the authorization policy. Then you determine which agent (web agent, nac agent, or no agent) via the client provisioning policy.

Hope that helps,

Tarik Admani
*Please rate helpful posts*

Jeppe Flensted · ‎08-04-2012

thanks alot. So I could do an authz policy saying redirect to webauth, and when the user login they will be asked to download the nac agent?

Tarik Admani · ‎08-04-2012

That is correct, but make sure you set the right portal. You want to set it to the client provisioning portal seen in this screenshot attached

Tarik Admani
*Please rate helpful posts*

Jeppe Flensted · ‎08-04-2012

Thanks!