I have multiple production VLANs and I know ISE can enforced VLAN but I just thought how will the endpoint communicates to ISE if the endpoint does not have an IP address in its initial connection? How will ISE get an IP address in the DHCP server if ISE does not enforced yet which VLAN should the endpoint will be?
Hi, It's the NAD (the switch) that communicates with the RADIUS server not the client directly. The client would not receive an IP address until after successful authentication.
Hi, It's the NAD (the switch) that communicates with the RADIUS server not the client directly. The client would not receive an IP address until after successful authentication.
If that is the case, what is the use of the pre-authentication ACLs? Just for redirection of traffic to CWA? What if, I am not using CWA just a simple authz policies, do I still need the ACLs?
