08-02-2015 03:30 AM - edited 03-10-2019 10:57 PM
hi,
who can explain me the function of inline posture node ? what feature are linked to to this type of node ?
Solved! Go to Solution.
08-02-2015 05:13 PM
That's correct, assuming it's Cisco's flavor of CoA (which relies in part on RADIUS A-V pairs which use Cisco's Vendor-Specific Attributes or VSAs).
A third party NAD can support standards-based CoA (via RFCs 3576 and 5176) and not necessarily work with ISE. Aerohive is one such example that I know of.
08-02-2015 06:45 AM
The IPN is a node that is used to provide a subset of services (posture assessment and enforcement) for RADIUS clients communicating via a network access device that does not support the normal Cisco Change of Authorization (CoA) or Web redirection methods.
The most common use case was inline with a Cisco ASA running code prior to 9.2(1). That's what's shown here in the ISE Admin Guide.
With 9.2(1) or later the ASA can be used natively with ISE per this guide.
08-02-2015 02:12 PM
So, if i understand correctly, all device like WLC, ASA, SWITCH that support natively CoA do not need an IPN node.
right....?
08-02-2015 05:13 PM
That's correct, assuming it's Cisco's flavor of CoA (which relies in part on RADIUS A-V pairs which use Cisco's Vendor-Specific Attributes or VSAs).
A third party NAD can support standards-based CoA (via RFCs 3576 and 5176) and not necessarily work with ISE. Aerohive is one such example that I know of.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: