08-07-2019 07:38 PM
Hi,
I have a customer, whose only use-case for ISE-PIC is sending Identity information to Stealthwatch. In this case,
1. I assume that MAB will Not be required on the switch ? And ISE can provide the session information received from AD connector to pxGrid subscribers.
OR
2. If it is required then what would be reason behind it ?
Thanks,
Naman
Solved! Go to Solution.
08-09-2019 03:21 PM
Combining MAB with passive ID for AD is generally called Easy Connect and it has two modes. Monitor mode where you simply make ISE learn username - IP mappings from the AD for context sharing purpose. And second mode where it can enforce based on passive identity which requires MAB. For ISE-PIC, only context sharing is supported.
08-09-2019 03:21 PM
Combining MAB with passive ID for AD is generally called Easy Connect and it has two modes. Monitor mode where you simply make ISE learn username - IP mappings from the AD for context sharing purpose. And second mode where it can enforce based on passive identity which requires MAB. For ISE-PIC, only context sharing is supported.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide