cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

357
Views
0
Helpful
4
Replies
Highlighted
Beginner

Cisco ISE BYOD with mcafee and wsus

Hello,

we want to realize a BYOD strategie with use our mcafee and wsus infratructure.

I know that cisco ise can implement these server with a special licence.

Is there from cisco a whitepaper how to implement this BYOD strategie in LAN and WLAN?

What are the requirements (additional software on clients, supported operation systems, wsus and mcafee versions...)? How are treated unknown devices? Are supported android, blackberry, windows phones and apple os? Is pxe boot supported?

 

thanks for answer.

 

Marco

4 REPLIES 4
Cisco Employee

Hi Marco,

Hi Marco,

The closest document I can find is following:

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/119214-configure-ise-00.html

The idea is that if you want to force BYOD devices (like windows tablets) to be compliant with your wsus requirement, the device must have a client installed that can perform the compliance check. The supported client for such purpose is Anyconnect, so you are essentially pushing Anyconnect to the BYOD devices in order to check if latest update is installed, mcafee is up to date etc. This feature (posture) requires advanced license on ISE. The document also contains further version requirement info.

Kurt

Beginner

Many thanks Kurt.

Many thanks Kurt.

Can AnyConnect check the system status (wsus and mcafee) also if the user doesn't establish a VPN connection (quasi passive)?
Our clients should connect to a lan or wlan without establishing a vpn connection. I have read about Cisco NAC Agent. Is this to recommend? Can 802.1X be a solution?
You posted a link for wsus implementation. Is there also a weblink for mcafee?

Cisco Employee

Anyconnect posture module

Anyconnect posture module (which checks for wsus/av compliance) is independent of the VPN module, so you can just push the posture module on its own. NAC Agent is a dated product and it's not covered in the document I found, so I'm not sure if it's supported for that scenario. I don't see any document specifically for mcafee integration, but ISE does have built-in posture requirements for mcafee as/av.

Beginner

Is there an official cisco

Many thanks. That sounds good.

Is there an official cisco dokument where I can find all features and maybe the requirements (License Terms, AV version, WSUS version, AnyConnect version...)?