EPS or Black Lists???

Unanswered Question
Oct 29th, 2013

Hello All,


Question about Cisco ISE.

What is the difference between EPS and using a blacklist identity group?

In which case is it preferable to use EPS or blacklisting?


Best regards,

blenka Wed, 10/30/2013 - 17:30

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_eps.html



EPS:

Endpoint Protection Services (EPS) is a service that runs on the Cisco Identity Services Engine Administration node to extend the monitoring and controlling of endpoints. You can use EPS to monitor and change the authorization state of an endpoint without having to modify the overall Authorization Policy of the system. EPS supports both wired and wireless deployments.





Blacklist:

The Cisco ISE administrator can now "blacklist" wireless user devices that get "lost," or otherwise become unusable or are taken out of circulation, until the device is reinstated or is completely removed from the network. Cisco ISE removes "blacklisted" devices from the network, and they are not allowed on the network again until the device is reinstated. In order to set up the authorization policy in Cisco ISE, you also must ensure you add a compatible dynamic ACL on any associated network access devices in your deployment to manage these wireless users.

aqjaved Sun, 11/03/2013 - 08:35

The Cisco ISE offers different ways to prevent a lost or stolen device from connecting to the network. The My Devices Portal allows the employee to mark a device as lost and prevent others from gaining unauthorized access with that device. In addition, if the device is connected to the network when the device is marked as lost, the ISE may issue a Change of Authorization (CoA) to force the endpoint off the network. The administrator is also able to blacklist a device and force the endpoint off the network. In addition, the administrator is able to use Endpoint Protection Services (EPS) to quarantine an endpoint from the network.


Please check the guide below, which may be helpful for you:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/Managing_Lost_or_Stolen_Device.pdf
