ISE to block windows XP machines from Network

tjames2 · ‎07-20-2017

Hi, I have been asked to configure ISE to block WIn Xp machines from accessing the network. I presume this is done under postering ? Deployed a couple of ISE devices and know my way around but certainly no expert in the box, any ideas welcome-

Tim.

andrewswanson · ‎07-20-2017

Hi

Will these XP machines be domain joined and be using 802.1x? ISE could learn the AD-Operating-System and deny access if this attribute contains "XP"

Alternatively, ISE has an endpoint profile called WindowsXP-Workstation. To become a member of this endpoint group, a device must satisfy at least one of the following conditions:

Type:IP User-Agent CONTAINS Windows NT 5.1
Type:NMAP SMB.operating-system CONTAINS Windows XP
Type:ACTIVEDIRECTORY AD-Operating-System CONTAINS Windows XP

hth
Andy

ISE to block windows XP machines from Network

Network Services Orchestrator (NSO) - How To

Secure Access: Block Page が表示されない

[UCS-C] CIMC UI 上での DIMM Block Listing 設定項目について

Secure Network Analytics :SNAのISE連携トラブル時のDebug設定とログ取得について

Secure Network Analytics :SNAとISE連携におけるANC Policyの端末隔離動作について