NOTE: This document is outdated: it uses older versions of ISE and pxGrid that are either EOS or being removed from the product. As of ISE 2.4 we develop pxGrid 2.0. In ISE 3.1, pxGrid 1.0 is removed; please work with the vendor for the latest documentation. We will keep this document as an older reference, but it may be removed in the future.
This document is for Cisco engineers and customers who are planning to integrate Infoblox NIOS and Cisco Identity Services Engine (ISE) 2.1 using Cisco Platform Exchange Grid (pxGrid). Infoblox NIOS version 7.3.6 software was used for both the virtual Grid Master and Network Discovery (ND) member.
This document includes:
- Configuring Infoblox and the ISE pxGrid node for both self-signed and CA-signed certificates
- Configuring the Infoblox Grid Master (GM) and Infoblox Network Discovery (ND) member
- Configuring DHCP and DNS services on the Infoblox GM
- Configuring Infoblox ISE Ecosystem parameters and connecting to the ISE pxGrid node
- Creating Infoblox DHCP and IPAM notifications for publishing Dynamic Topic information
- Creating Infoblox RPZ notifications to send blocked DNS responses to the ISE pxGrid
- Creating ISE EPS Quarantine Authorization policy
- Populating Infoblox IPAM table with pxGrid session information
- Quarantining an endpoint due to an Infoblox RPZ violation
The reader will observe and become familiar with the ISE user session information that populates the IPAM table to provide more context around IP events. Additionally, an RPZ (Response Policy Zone) will be created to block www.yahoo.com, with the result that the endpoint is quarantined.
ISE was configured in a standalone environment for testing. For configuring ISE in a distributed environment, please see https://communities.cisco.com/docs/DOC-68284