Solved: ISE vlan enclosure

Kaleby Cadorin · ‎03-15-2013

Here is my scenario.

I have some industrial machines that doesn't support Antivirus and we even put them on the domain, because of the risk of a security breach. But at the same time those machines need to access the NAS to copy some configuration files.

My doubt is how ISE can help me put those machines on the network keeping the other vlans safe from a risk of infection or possible data loss or even inside attacks. Theres any way we can enforce security on those machines, letting them access network but not accessible from others only with ISE? And when i mean enforce im talking not only keeping the vlan unaccessible but some rules to avoid use of firewall in the middle.

We dont have ISE yet but its on the way and im trying to figure how it works.

I would be glad for some help here. Thanks

Tarik Admani · ‎03-15-2013

Kaleby,

You can segement these devices based on mac address if you like and dump them on their own vlan and also send a DACL (if wired) so they only have access to specific services. Let me know if that hits your requirement.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

Tarik Admani · ‎03-15-2013

Kaleby,

You can segement these devices based on mac address if you like and dump them on their own vlan and also send a DACL (if wired) so they only have access to specific services. Let me know if that hits your requirement.

Thanks,

Tarik Admani
*Please rate helpful posts*