User Info

Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: ISE 1.2 and NAC Protocols  (Read 4475 times)

Offline achelovekov

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
  • Certification: CCNP
ISE 1.2 and NAC Protocols
« on: December 23, 2013, 05:37:29 AM »
Question 1:
Within Cisco ISE 1.2 NAC deployment (with 802.1x), which protocols are used for delivering posture status to ISE posture service, and how ISE can delivery policy to switch.
Please, clarify the full flow of operation with Posture Agents and ISE

Question 2:
As Cisco NAC Appliance is used for NAC purposes, we no longer need to use 802.1x (am i right?). So by which means and protocols NAC Agents send and receive posture information?

As a read, SWISS protocol is used for Agents management (am i right?)

Thanks in advance

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 399
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: ISE 1.2 and NAC Protocols
« Reply #1 on: December 23, 2013, 05:57:51 AM »
1. Can't seem to find a Cisco doc that explain this fully but the ideas are
     - Client pass RADIUS authen (802.1x or MAB) and ISE send posture redirect URL
     - NAC Agent goes through server discovery. Here is more info       You are not allowed to view links. Register or Login
     - NAC Agent goes through posture assessment while in communication with ISE over SWISS
     - Client pass/fail assessment and ISE return appropriate authorization profile via RADIUS to switch/WLC

2. NAC Agent is not a replacement of 802.1X supplicant (at least until it gets rolled into the AnyConnect client). As explained above, authentication and posture assessment are two separate processes.


SimplePortal 2.3.7 © 2008-2024, SimplePortal