Duplicate of ISE Passive-ID identity sharing and pxg...
Regarding licensing, base only applies to Cisco subscribers. Still needs 1:1 plus to base for non-Cisco subscribers.
I am not aware a way to subscribe selectively between active and passive auth sessions. However, the SDK has subnet filters. For example, How to use Data Exchange Layer with Cisco Platform Exchange Grid (pxGrid) shows,
| Field |
Description |
| pxGrid Hosts |
Enter the host name or IP address for the pxGrid controllers that the DXL brokers connect to. |
| Client Name Prefix |
This field identifies the name of the client connection from the DXL brokers to the pxGrid fabric in the Cisco ISE console. You can change this name, and it is updated in the pxGrid user interface. |
| Client Description |
This field identifies the description of the client connection from the DXL brokers to the pxGrid fabric in the Cisco ISE console. You can change this description, and it is updated in the pxGrid user interface. |
| Client Groups |
Specifies the group capabilities for which the DXL brokers bridging to Cisco pxGrid are requesting access. If you do not want a capability to be available via the bridge between DXL and Cisco pxGrid, click the minus icon to remove it. To enter a new capability, click the plus icon. |
| Certificate Password |
The password used to create the certificate in Cisco ISE for use with DXL. |
| Notifications |
Notifications are received via the pxGrid fabric. Select the types of notifications to bridge from the pxGrid fabric to DXL. |
| Session Notification Subnet Filter |
Receive session notifications from specific subnets. Leave this field empty to receive session notifications for all subnets, or enter a comma-separated subnet address to receive notifications only from those subnets. For example:
1.0.0.0/255.0.0.0,1234::/16 |
