ISE to block windows XP machines from Network
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2017 07:50 AM - edited 03-11-2019 12:52 AM
Hi, I have been asked to configure ISE to block WIn Xp machines from accessing the network. I presume this is done under postering ? Deployed a couple of ISE devices and know my way around but certainly no expert in the box, any ideas welcome-
Tim.
- Labels:
-
AAA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2017 09:09 AM
Hi
Will these XP machines be domain joined and be using 802.1x? ISE could learn the AD-Operating-System and deny access if this attribute contains "XP"
Alternatively, ISE has an endpoint profile called WindowsXP-Workstation. To become a member of this endpoint group, a device must satisfy at least one of the following conditions:
Type:IP User-Agent CONTAINS Windows NT 5.1
Type:NMAP SMB.operating-system CONTAINS Windows XP
Type:ACTIVEDIRECTORY AD-Operating-System CONTAINS Windows XP
hth
Andy
