Cisco Cisco Identity Services Engine 1.1 トラブルシューティングガイド
Posture Services on the Cisco ISE Configuration
Guide
Guide
Document ID: 116143
Contributed by Antoine Kmeid, Cisco TAC Engineer.
Jul 25, 2013
Jul 25, 2013
Contents
Introduction
Prerequisites
Requirements
Components Used
Background Information
ISE Posture Services
Client Provisioning
Posture Policy
Authorization Policy
Posture Example Workflow
Endpoint Checklist
ISE Checklist
Configure ISE
ISE Configuration Overview
Configure and Deploy Client Provisioning Services
Configure Authorization Policy for Client Provisioning and Posture
Configure AV Posture Policy
Configure WSUS Remediation
Sample Switch Configuration
Global Radius and Dot1x Configuration
Default ACL to be Applied on the Port
Enable Radius Change of Authorization
Enable URL Redirection and Logging
Redirection ACL
SwitchPort Configuration
Sample WLC Configuration
Global Configuration
Employee SSID Configuration
Guest SSID Configuration
Employee Dot1x Posture (NAC Agent)
Guest CWA Posture (NAC Web Agent)
Frequently Asked Questions
Deployment Options Other than Client Provisioning
Discovery Host for the NAC Agent
Employee Browsers are Configured with Proxy
dACL and Redirection ACL
NAC Agent Does Not Pop Up
Unable to Access WSUS for Remediation
Do Not Have an Internal Managed WSUS
No Failed Authentication Seen in ISE Live Logs
Verify
Troubleshoot
Prerequisites
Requirements
Components Used
Background Information
ISE Posture Services
Client Provisioning
Posture Policy
Authorization Policy
Posture Example Workflow
Endpoint Checklist
ISE Checklist
Configure ISE
ISE Configuration Overview
Configure and Deploy Client Provisioning Services
Configure Authorization Policy for Client Provisioning and Posture
Configure AV Posture Policy
Configure WSUS Remediation
Sample Switch Configuration
Global Radius and Dot1x Configuration
Default ACL to be Applied on the Port
Enable Radius Change of Authorization
Enable URL Redirection and Logging
Redirection ACL
SwitchPort Configuration
Sample WLC Configuration
Global Configuration
Employee SSID Configuration
Guest SSID Configuration
Employee Dot1x Posture (NAC Agent)
Guest CWA Posture (NAC Web Agent)
Frequently Asked Questions
Deployment Options Other than Client Provisioning
Discovery Host for the NAC Agent
Employee Browsers are Configured with Proxy
dACL and Redirection ACL
NAC Agent Does Not Pop Up
Unable to Access WSUS for Remediation
Do Not Have an Internal Managed WSUS
No Failed Authentication Seen in ISE Live Logs
Verify
Troubleshoot