Dear community,
I have integrated Cisco ISE and AMP with intention to leverage threat centric data in authorization rules.
I can see threat centric data and compromised endpoint within the ISE after executing false-exploit, like status "Painful", etc...
Dear community,
I'm ISE beginner, and my task is to design isolation options on ISE.
What I tried:I've been reading that adaptive network control (ANC) can be great option, so I tried it with Access-Reject option - this didn't work as most of our dep...
Dear community,
I'm new at Cisco ISE and I've been working on some quarantine options.
In my example, I used Authorization Profile with dACL with result Acess-Accept and deny ip any any. Then I've attached it to the host via Adaptive Network Control...
Dear community,
I'm pretty new at Cisco ISE, however I have very essential question.
My goal is to prepare isolation rules, I was reading about Adaptive Network Control and options it goes with.
I think Acces-Reject option will be the best, but we us...
Got it, thanks.So from my understanding, I have to make sure that I have L2 switch that has TCAM so its able to work with dACL.
Dumb question now, since it has TCAM, if I push dACL ip deny any to the switch, the host should not be able to communicate...
Hello, thanks for the answer.Indeed we have SDA on some locations, but I would need to understand it more as its handled by our network team.But to not complicate things at first, I can split it into 3 goals:1. What will be initially the best way to ...
Hello, thanks for the answer. I've created new discussion for this particular topic.Can you please explain it more from the low-level?How can L2 switch process L3 information, since it works with MACs only? Does it have something to do with TCAM?
Dear all,
since I'm addressing here two different topics, I've decided to create two discussions:
How dACL works on L2 switch?Cisco ISE - downloadable ACL (dACL) and Layer 2 switch - Cisco CommunityBest and simplest way to isolate a host?Cisco ISE - ...
