Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1493
Views
5
Helpful
1
Replies

ISE to block windows XP machines from Network

tjames2
Level 1
Level 1

‎07-20-2017 07:50 AM - edited ‎03-11-2019 12:52 AM

Hi, I have been asked to configure ISE to block WIn Xp machines from accessing the network. I presume this is done under postering ? Deployed a couple of ISE devices and know my way around but certainly no expert in the box, any ideas welcome-

Tim.

Labels:
0 Helpful
1 Reply 1

andrewswanson
Level 7
Level 7

‎07-20-2017 09:09 AM

Hi

Will these XP machines be domain joined and be using 802.1x? ISE could learn the AD-Operating-System and deny access if this attribute contains "XP"

Alternatively, ISE has an endpoint profile called WindowsXP-Workstation. To become a member of this endpoint group, a device must satisfy at least one of the following conditions:

Type:IP User-Agent CONTAINS Windows NT 5.1
Type:NMAP SMB.operating-system CONTAINS Windows XP
Type:ACTIVEDIRECTORY AD-Operating-System CONTAINS Windows XP

hth
Andy

Customers Also Viewed These Support Documents