Solved: Ise 1.3 Inline posture node

Augustgood · ‎08-02-2015

hi,

who can explain me the function of inline posture node ? what feature are linked to to this type of node ?

Marvin Rhoads · ‎08-02-2015

That's correct, assuming it's Cisco's flavor of CoA (which relies in part on RADIUS A-V pairs which use Cisco's Vendor-Specific Attributes or VSAs).

A third party NAD can support standards-based CoA (via RFCs 3576 and 5176) and not necessarily work with ISE. Aerohive is one such example that I know of.

View solution in original post

Marvin Rhoads · ‎08-02-2015

The IPN is a node that is used to provide a subset of services (posture assessment and enforcement) for RADIUS clients communicating via a network access device that does not support the normal Cisco Change of Authorization (CoA) or Web redirection methods.

The most common use case was inline with a Cisco ASA running code prior to 9.2(1). That's what's shown here in the ISE Admin Guide.

With 9.2(1) or later the ASA can be used natively with ISE per this guide.

Augustgood · ‎08-02-2015

So, if i understand correctly, all device like WLC, ASA, SWITCH that support natively CoA do not need an IPN node.

right....?

Marvin Rhoads · ‎08-02-2015

That's correct, assuming it's Cisco's flavor of CoA (which relies in part on RADIUS A-V pairs which use Cisco's Vendor-Specific Attributes or VSAs).

A third party NAD can support standards-based CoA (via RFCs 3576 and 5176) and not necessarily work with ISE. Aerohive is one such example that I know of.