Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
755
Views
5
Helpful
1
Replies

MAB required with Passive Identity for Identity Exchange Only ?

Go to solution
mulatif
Cisco Employee
Cisco Employee

‎08-07-2019 07:38 PM

Hi,

I have a customer, whose only use-case for ISE-PIC is sending Identity information to Stealthwatch. In this case,

 

1. I assume that MAB will Not be required on the switch ?  And ISE can provide the session information received from AD connector to pxGrid subscribers.

OR

2. If it is required then what would be reason behind it ?

 

Thanks,

Naman

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎08-09-2019 03:21 PM

Combining MAB with passive ID for AD is generally called Easy Connect and it has two modes. Monitor mode where you simply make ISE learn username - IP mappings from the AD for context sharing purpose. And second mode where it can enforce based on passive identity which requires MAB. For ISE-PIC, only context sharing is supported.

View solution in original post

1 Reply 1

Go to solution
howon
Cisco Employee
Cisco Employee

‎08-09-2019 03:21 PM

Combining MAB with passive ID for AD is generally called Easy Connect and it has two modes. Monitor mode where you simply make ISE learn username - IP mappings from the AD for context sharing purpose. And second mode where it can enforce based on passive identity which requires MAB. For ISE-PIC, only context sharing is supported.

Customers Also Viewed These Support Documents