03-29-2022 07:56 AM - edited 03-29-2022 08:27 AM
1. I have a requirement to implement a wired/wireless NAC solution targeted at device end entities or IP devices. This will comprise Workstations and IP Phones that are often attached to / detached from the network. Cisco ISE will be integrated with other security sources, e.g. SIEM.
2. The target end entity devices are part of a mobile equipment package (comprising Servers & Network equipment) which may be on the move at any time, anywhere. The target Workstations & IP Phones are connected to an Access Switch/Access Point also within the mobile equipment package.
3. There are more than 30 units of these mobile equipment packages. The mobile equipment package must be able to operate autonomously while still being able to be managed centrally from a static Data Centre location.
4. The PSN will be deployed to a mobile equipment package which communicates over a very limited bandwidth (GPRS - 2G) to a static Data Centre location hosting the PAN (in HA setup) while also expected to operate in a disconnected state (No network connectivity between PAN & PSN).
Having explored these two articles:
(i) -- https://community.cisco.com/t5/network-access-control/when-psn-looses-connection-to-both-pan/m-p/3750603#M488127
I have two questions regarding licensing, and distributed identity sources.
A. If the identity source(s) are not centralized, and each PSN is to have its own Identity Source hosted (a local Domain Controller) on each mobile equipment package, will this solution work?
B. Can Passive Identity Service be enabled per local Domain Controller? Ideally, we want active authentication to the local DC.
C. The same constraints apply to licensing. Will the PSN continue to work if it is disconnected from the PAN for up to 72 hours?
03-29-2022 08:48 AM
I have two questions regarding licensing, and distributed identity sources.
A. If the identity source(s) are not centralized, and each PSN is to have its own Identity Source hosted (a local Domain Controller) on each mobile equipment package, will this solution work?
B. Can Passive Identity Service be enabled per local Domain Controller? Ideally, we want active authentication to the local DC.
C. The same constraints apply to licensing. Will the PSN continue to work if it is disconnected from the PAN for up to 72 hours?