Hi everyone--trying to make sense of ISE licensing and what a client of mine is wanting to accomplish. They want to be able to do dot1X and have the machine authenticate via AD before the user even tries to authenticate and if it's not a domain machine, then do a reject access. My question is that able to be accomplished via base licensing or is that considered posturing/profiling?
Hi the requirement that you are requesting will work under the base feature set. You do not need advanced and coa is not required to make this work. You can build your authorization policies such that user authentications must pass a check for a previou successful machine authentication.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...