
ISE queries

ymadheka
Level 4

Hi Team,

We are working on an ISE opportunity with a PoC currently in progress and have some queries on which we need clarity:

  • Is there any mechanism by which we can provide a real-time alert on connection of an unauthorized device to the wired / wireless network?

  • The customer currently does not have the 802.1x authentication setting enabled on the end-user laptops. For the authentication part we need to enable it on the end-user machines, which is done manually in the PoC activity; can the same be done through Active Directory via a script or something? As I recall, the Cisco IT team had a script to be executed on the machine to make this setting without manual intervention. Do we have such a script to be shared with the customer to automate the setting?

  • For guest and employee users accessing through wired connectivity on the same switch, can we make the guest get redirected to the portal, assuming the port can be used by either user, namely employee or guest? As per my understanding, Easyconnect can be the solution here.

Thanks in advance for any help.

Thanks & Regards,

Yogesh Madhekar

Accepted Solutions

Craig Hyps
Level 10

Whether or not a device is authorized is a policy decision. ISE does clearly show which endpoints are hitting specific rules, and reports can be run to show those that failed auth, were rejected, or were assigned a specific policy. We don't trigger alarms as this would be just noise in a production deployment, but it is possible to send the auth logs to a 3rd-party logger or event manager which triggers an alarm of choice based on matching events.

Customers can leverage GPOs to configure AD clients for 802.1X. Other methods include MDM or ISE's own BYOD feature.

Yes, switchports can handle multiple auth types on a single port including 802.1X, MAB, and Web Auth. This is called Flex Auth.

I recommend reviewing the How To guides in our Community related to basic ISE setup and configuration, including switch configuration.
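
The log-forwarding approach from the answer above, as an added example that is not part of the original thread and is not Cisco code: a small event matcher that reads forwarded authentication logs and alerts only when the same MAC address fails repeatedly, with a quiet period to limit the noise the answer warns about. The log layout, the `CISE_Failed_Attempts` category, the attribute names and the thresholds are assumptions to be checked against what your own deployment emits.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)     # sliding window for counting failures
THRESHOLD = 3                     # failures per MAC inside the window before alerting
SUPPRESS = timedelta(minutes=30)  # quiet period per MAC after an alert, to limit noise
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ (\S+) (.*)$")
KV_RE = re.compile(r"([A-Za-z][\w-]*)=([^,]*)")

def parse(line):
    """Return a dict for one log line, or None if it is not in the assumed layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip() for k, v in KV_RE.findall(m.group(3))}
    return {"ts": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), "category": m.group(2),
            "mac": fields.get("Calling-Station-ID", "").replace("-", ":").lower(),
            "nas": fields.get("NAS-IP-Address", "?"), "port": fields.get("NAS-Port-Id", "?")}

def detect(lines):
    """Return (time, mac, switch, port, failures) for each alert raised."""
    recent, last_alert, alerts = defaultdict(deque), {}, []
    for line in lines:
        ev = parse(line)
        if not ev or ev["category"] != "CISE_Failed_Attempts" or not ev["mac"]:
            continue  # skip passed authentications and unparseable lines
        q = recent[ev["mac"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > WINDOW:
            q.popleft()  # drop failures that fell out of the window
        muted = ev["mac"] in last_alert and ev["ts"] - last_alert[ev["mac"]] < SUPPRESS
        if len(q) >= THRESHOLD and not muted:
            last_alert[ev["mac"]] = ev["ts"]
            alerts.append((ev["ts"], ev["mac"], ev["nas"], ev["port"], len(q)))
    return alerts
# Constructed sample lines in a simplified layout (assumption, not real ISE output).
F = "CISE_Failed_Attempts 5400 Authentication failed, NAS-IP-Address=10.0.0.2, "
SAMPLE = [
    "2024-05-06 09:00:01 ise01 " + F + "NAS-Port-Id=Gi1/0/7, Calling-Station-ID=00-11-22-33-44-55",
    "2024-05-06 09:00:20 ise01 CISE_Passed_Authentications 5200 Authentication succeeded, Calling-Station-ID=AA-BB-CC-00-00-01",
    "2024-05-06 09:01:10 ise01 " + F + "NAS-Port-Id=Gi1/0/7, Calling-Station-ID=00-11-22-33-44-55",
    "2024-05-06 09:02:00 ise01 " + F + "NAS-Port-Id=Gi1/0/9, Calling-Station-ID=DE-AD-BE-EF-00-01",
    "2024-05-06 09:02:30 ise01 " + F + "NAS-Port-Id=Gi1/0/7, Calling-Station-ID=00-11-22-33-44-55",
    "2024-05-06 09:03:00 ise01 " + F + "NAS-Port-Id=Gi1/0/7, Calling-Station-ID=00-11-22-33-44-55",
    "truncated line with no timestamp",
]
if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

On the sample, the endpoint on Gi1/0/7 raises one alert at its third failure and the fourth is suppressed, while the single failure on Gi1/0/9 stays below the threshold.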


Hi Craig,

For the 802.1x authentication, the customer is expecting automation through some script, although I have mentioned that it is not something we include as part of the PoC and deployment scope.

Jason Kunst
Cisco Employee

Would recommend separating the issues so they can be addressed one by one
