I am planning wired ISE for a large university network where authenticated users will be assigned to a default data vlan by default.
There are a few departments across the university that will require their own vlans, usually in specific locations.
'medical' vlan name is configured on access switches in a medical building, so any users in the medical group will be placed in a medical vlan on successful authentication, so they can access sensitive information.
However, if those users go to other locations, where 'medical' is not configured on the access switches, they will get no network access at all.
I would like ISE to offer a 'secondary' option of the 'default data' vlan, so the authenticated user can still access core college resources+www wherever they are, even if they are not able to access specific 'medical' resources.
Also, if you are using ISE 1.2, you have the ability to run policy sets. In each policy set you can break apart the sets based on location and then use your conditions to map to the authorization profile you want.
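
The location-based split described in the reply above, as an added example that is not part of the original thread and is not ISE configuration syntax: a small Python model of top-down policy-set selection by switch location, followed by first-match authorization rules that return the RADIUS VLAN attributes. The location names, group names and the `default-data` VLAN name are assumptions made for illustration.

```python
from dataclasses import dataclass

def vlan_profile(vlan_name):
    """RADIUS tunnel attributes (RFC 3580) that assign a VLAN to the port."""
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "802",
            "Tunnel-Private-Group-ID": vlan_name}

@dataclass
class PolicySet:
    name: str
    locations: frozenset  # switch locations this set applies to; empty = catch-all
    rules: list           # ordered (required group or None, VLAN name) pairs

    def matches(self, location):
        return not self.locations or location in self.locations

# Constructed policy: "Medical", "medical" and "default-data" are assumed names.
POLICY_SETS = [
    # Only switches in the medical building ever hand out the 'medical' VLAN.
    PolicySet("Medical-Building", frozenset({"Medical"}),
              [("medical", "medical"), (None, "default-data")]),
    # Everywhere else, every authenticated user lands in the default data VLAN.
    PolicySet("Default", frozenset(), [(None, "default-data")]),
]

def authorize(user_groups, switch_location, policy_sets=POLICY_SETS):
    """Return (policy set name, RADIUS attributes) for an authenticated user."""
    for ps in policy_sets:                    # policy sets are checked top-down
        if not ps.matches(switch_location):
            continue
        for group, vlan in ps.rules:          # inside a set, first match wins
            if group is None or group in user_groups:
                return ps.name, vlan_profile(vlan)
        return ps.name, None                  # set matched, no rule did: no access
    return None, None

if __name__ == "__main__":
    # Constructed sample sessions: (user groups, location of the access switch)
    for groups, loc in [({"medical"}, "Medical"), ({"medical"}, "Library"),
                        ({"students"}, "Medical")]:
        print(sorted(groups), loc, authorize(groups, loc))
```

Because the `medical` VLAN name is only returned by the policy set tied to the medical building, a switch that does not have that VLAN configured is never asked to assign it, and the user falls through to the default data VLAN instead of losing access.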