cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

221
Views
0
Helpful
1
Replies

ISE Remediation Zone Proviosing on Wireless

Dear All,

I am new to ISE and we are deploying ISE 2.3 in our environment. We have an employee SSID on which we are trying to do posturing.I have following queries:

1. If a client is not compliant  then is it possible to put that client in a remediation zone/quarantine zone where he will first remediate by updating critical updates from SCCM and some other policies. Will that client have a separate subnet in remediation zone? How to achieve this?

1 ACCEPTED SOLUTION

Accepted Solutions
Jason Kunst
Cisco Employee

Yes this is possible by returning in an authorization profile the name (preferred) or number of another VLAN

https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-authorization-profile/td-p/2025137

Recommendation is to use Scalable group tags and segmentation instead of VLAN changes.

View solution in original post

1 REPLY 1
Jason Kunst
Cisco Employee

Yes this is possible by returning in an authorization profile the name (preferred) or number of another VLAN

https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-authorization-profile/td-p/2025137

Recommendation is to use Scalable group tags and segmentation instead of VLAN changes.

View solution in original post

Content for Community-Ad