Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2070
Views
6
Helpful
2
Replies

ISE with Dell Zero Client Solution

Go to solution
Sherif El Shourafah
Cisco Employee
Cisco Employee

‎05-01-2017 11:43 PM

Experts,

My Customer is looking to deploy ISE within a greenfield environment where DELL zero clients are proposed to them. Do we have any specific guide for this type of deployment that I can share? Our client is against deploying thin clients or traditional desktops where supplicants could be deployed, Do we have any document internally or guide that i can share with my customer ?.

Sherif.

1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎05-02-2017 02:06 PM

Is there a reason the customer is against enabling 802.1X on the Dell zero clients? I assume the terminals can be centrally managed and configured for 802.1x, and would be the best way for authenticating to the network. If the customer does not want to enable the supplicant on the clients, then they can use MAB (MAC Authentication Bypass) along with whitelist that can be manually populated or dynamically populated using ISE profiling. Then authorize them to the network based on the fact that they are part of the white list. If using profiling, note that profiling provides categorization of different endpoint class/types, but not necessarily the ownership of the endpoint.

Hosuk

View solution in original post

2 Replies 2

Go to solution
howon
Cisco Employee
Cisco Employee

‎05-02-2017 02:06 PM

Is there a reason the customer is against enabling 802.1X on the Dell zero clients? I assume the terminals can be centrally managed and configured for 802.1x, and would be the best way for authenticating to the network. If the customer does not want to enable the supplicant on the clients, then they can use MAB (MAC Authentication Bypass) along with whitelist that can be manually populated or dynamically populated using ISE profiling. Then authorize them to the network based on the fact that they are part of the white list. If using profiling, note that profiling provides categorization of different endpoint class/types, but not necessarily the ownership of the endpoint.

Hosuk

Go to solution
paul
Level 10
Level 10
In response to howon

‎05-02-2017 04:05 PM

In addition to what Hosuk said if they do the whitelist/profile route you should be able to craft a pretty tight DACL for these devices.  I haven't worked with Dell zero clients specifically but other thin client solutions and a very tight DACL was relatively easy to craft.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents