SEC0110 - ISE 1.2 Endpoint Protection Service (EPS) (Part 2)

Difficulty Level: 3
The video demonstrates the use of Endpoint Protection Service (EPS) on Cisco ISE 1.2 to quarantine undesired endpoints. Manually removing an endpoint from the network by shutting down its port has a weakness: the endpoint can potentially be moved to a different port to regain access. ISE also allows you to do exactly this by issuing a port-shutdown CoA. By contrast, placing the host MAC address or IP into EPS quarantine ensures the endpoint remains denied from the network regardless of its point of attachment. A policy can be created to block endpoint traffic with an ACL and/or by placing the endpoint into an unusable VLAN.
Part 2 of this video tests our configurations by placing wired and wireless endpoints into quarantine.
 
Topic:
  • ISE Endpoint Protection Service (EPS)
  • User and Machine Authentication with PEAP
  • Policy Element Result
    • Authorization (Downloadable ACL)
    • Authorization (Authorization Profile)
  • Authentication Policy
  • Authorization Policy
  • EPS Host Quarantine
  • EPS Port shutdown

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

2 comments

Hey Admin, just followed your instructions step by step. After adding the IP/MAC address I am getting the error message "Timeout in Switch while doing PrRT Call. But Operation Permitted with partial failure." I reloaded the switch but am still seeing the same issue.
Any idea? Thanks.

Are you referring to adding the device MAC address for quarantine? Please make sure CoA is configured and working properly, as EPS relies heavily on that.