cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1714
Views
6
Helpful
2
Replies

ISE with Dell Zero Client Solution

Sherif El Shourafah
Cisco Employee
Cisco Employee

Experts,

My Customer is looking to deploy ISE within a greenfield environment where DELL zero clients are proposed to them. Do we have any specific guide for this type of deployment that I can share? Our client is against deploying thin clients or traditional desktops where supplicants could be deployed, Do we have any document internally or guide that i can share with my customer ?.

Sherif.

1 ACCEPTED SOLUTION

Accepted Solutions

howon
Cisco Employee
Cisco Employee

Is there a reason the customer is against enabling 802.1X on the Dell zero clients? I assume the terminals can be centrally managed and configured for 802.1x, and would be the best way for authenticating to the network. If the customer does not want to enable the supplicant on the clients, then they can use MAB (MAC Authentication Bypass) along with whitelist that can be manually populated or dynamically populated using ISE profiling. Then authorize them to the network based on the fact that they are part of the white list. If using profiling, note that profiling provides categorization of different endpoint class/types, but not necessarily the ownership of the endpoint.

Hosuk

View solution in original post

2 REPLIES 2

howon
Cisco Employee
Cisco Employee

Is there a reason the customer is against enabling 802.1X on the Dell zero clients? I assume the terminals can be centrally managed and configured for 802.1x, and would be the best way for authenticating to the network. If the customer does not want to enable the supplicant on the clients, then they can use MAB (MAC Authentication Bypass) along with whitelist that can be manually populated or dynamically populated using ISE profiling. Then authorize them to the network based on the fact that they are part of the white list. If using profiling, note that profiling provides categorization of different endpoint class/types, but not necessarily the ownership of the endpoint.

Hosuk

In addition to what Hosuk said if they do the whitelist/profile route you should be able to craft a pretty tight DACL for these devices.  I haven't worked with Dell zero clients specifically but other thin client solutions and a very tight DACL was relatively easy to craft.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: