cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
703
Views
0
Helpful
3
Replies

Posture Assesment Bypass

rmujeeb81
Level 1
Level 1

 

Hello All,

One of the customer is having ISE in their environment and they have windows 7 & 8 for end users. However they want to connect a windows server 2003 workstation on the user vlan but as far as I know there is no NAC agent available for windows server platform ?? if this is true then how we can by pass the posture assessment for that specific windows server 2003 from ISE ?

 

Thanks & Regards,

 

3 Replies 3

mohanak
Cisco Employee
Cisco Employee

You can enforce a posture requirement to be one of the following items types:

 

Mandatory—This option enforces the client to meet the posture requirement. The user cannot proceed or have access to the network unless the client meets the posture requirement.

 

Optional—This option does not enforce the client to meet the posture requirement. The client can bypass the requirement, if required. The client does not require to meet the requirement for the user to proceed or have network access.

 

Audit—This option checks the client for the posture requirement without notifying the user. It does not affect user network access.

For certain devices, you may want to bypass authentication, posture assessment, role assignment, or any combination thereof. Common examples of bypassed device types include printers, IP phones, servers, nonclient machines, and network devices.

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_pos_pol.html

Venkatesh Attuluri
Cisco Employee
Cisco Employee

you need to create an Authorisation Policy that matches "PostureApplicable Equals No" above the Authorisaton Policies you have defined for PostureStatus Equals Compliant and PostureStatus Not_Equals Compliant.

Any devices that are not capable of posture assessment (e.g. your mobile devices) will match this rule and bypass the NAC process before hitting the rule you are currently matching.

Hi vattullu,

I don't have PostureApplicable as an option.  I only have PostureStatus.  Which version of ISE are you using ?

Thx

 

Tony

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: