06-30-2016 12:15 PM
Are there are best practices around using ISE with source-guard, since source-guard will apply a port ACL, what do we recommend in terms of deployment in these cases?
07-03-2016 01:49 PM
IP Source Guard is a security feature on Cisco IOS switches but not on ISE so you should consult with the support and product teams on Cisco IOS switch platforms. There is no report on its conflicting with DOT1X so it should be safe to use.
IP source guard without DHCP - PacketLife.net shows it requires DHCP snooping enabled for static IP addresses.
04-17-2019 11:47 PM
Hi Hsai,
To stop mac spoofing normally recommendation is to enable Dynamic Arp inspection and IP source guard.
1)Will there be any issue to function ISE with dot1x ,if we enable above DAI and source guard.
2) Do we really need to enable DAI and Source guard ,in a ISE enabled environment. Can't ISE itself detect mac spoofing
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide