Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
633
Views
0
Helpful
2
Replies

ISE with ip source-guard

jaosgood
Cisco Employee
Cisco Employee

‎06-30-2016 12:15 PM

Are there are best practices around using ISE with source-guard, since source-guard will apply a port ACL, what do we recommend in terms of deployment in these cases?

0 Helpful
2 Replies 2

hslai
Cisco Employee
Cisco Employee

‎07-03-2016 01:49 PM

IP Source Guard is a security feature on Cisco IOS switches but not on ISE so you should consult with the support and product teams on Cisco IOS switch platforms. There is no report on its conflicting with DOT1X so it should be safe to use.


IP source guard without DHCP - PacketLife.net shows it requires DHCP snooping enabled for static IP addresses.


0 Helpful

hasitha siriwardhana
Level 1
Level 1
In response to hslai

‎04-17-2019 11:47 PM

Hi Hsai,

 

To stop mac spoofing normally recommendation is to enable Dynamic Arp inspection and IP source guard. 

 

1)Will there be any issue to function ISE with dot1x ,if we enable above DAI and source guard.

 

2) Do we really need to enable DAI and Source guard ,in a ISE enabled environment. Can't ISE itself detect mac spoofing

0 Helpful
Customers Also Viewed These Support Documents