Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1823
Views
0
Helpful
2
Replies

ISE-Meraki MS posture support?

Go to solution
rmelhem
Level 1
Level 1

‎09-01-2017 07:57 AM

Hi, as per the ISE-Meraki Integration doc, posture is supported on the Meraki MS platforms. On page 5, there is a note that says "Requires Inline Posture Node. Is this note referring to the Meraki MX platforms or to the Meraki MS platforms as well? IPN functionality has been deprecated on Cisco ISE.

https://communities.cisco.com/docs/DOC-68192

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎09-01-2017 08:23 AM

Based on this about Inline Posture Nodes:

Role of Inline Posture Node in a Cisco ISE Deployment

An Inline Posture node is a gatekeeper that enforces access policies and handles change of authorization (CoA) requests. An Inline Posture node is positioned behind the network access devices on your network that are unable to accommodate CoA requests, such as wireless LAN controllers (WLCs) and VPN devices.

After the initial authentication of a client using the EAP/802.1x and RADIUS protocols, the client must go through posture assessment. The posture assessment process determines whether the client should be restricted, denied, or allowed full access to the network. When a client accesses the network through a WLC or VPN device, an Inline Posture node is responsible for the policy enforcement and CoA that these devices are unable to accommodate.

Cisco Identity Services Engine User Guide, Release 1.2 - Setting up Inline Posture [Cisco Identity Services Engine] - Ci…

The reason IPNs were deprecated was the fact that most devices can now perform CoA.  The guide you linked, though dated 2017, was written for ISE 1.3.

MS Supports CoA and can be used for ISE Posture without IPN

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎09-01-2017 08:23 AM

Based on this about Inline Posture Nodes:

Role of Inline Posture Node in a Cisco ISE Deployment

An Inline Posture node is a gatekeeper that enforces access policies and handles change of authorization (CoA) requests. An Inline Posture node is positioned behind the network access devices on your network that are unable to accommodate CoA requests, such as wireless LAN controllers (WLCs) and VPN devices.

After the initial authentication of a client using the EAP/802.1x and RADIUS protocols, the client must go through posture assessment. The posture assessment process determines whether the client should be restricted, denied, or allowed full access to the network. When a client accesses the network through a WLC or VPN device, an Inline Posture node is responsible for the policy enforcement and CoA that these devices are unable to accommodate.

Cisco Identity Services Engine User Guide, Release 1.2 - Setting up Inline Posture [Cisco Identity Services Engine] - Ci…

The reason IPNs were deprecated was the fact that most devices can now perform CoA.  The guide you linked, though dated 2017, was written for ISE 1.3.

MS Supports CoA and can be used for ISE Posture without IPN

0 Helpful

Go to solution
rmelhem
Level 1
Level 1
In response to Charlie Moreton

‎09-01-2017 08:40 AM

Thanks Charles! This was my assumption as well, but what added to the confusion is that the compatibility matrix for ISE 2.3 hasn't been updated to reflect posture support for MS. I guess it will be updated sometime soon. Thanks again

0 Helpful
Customers Also Viewed These Support Documents