The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service
Node?
A.
tcp/8905
B.
udp/8905
C.
http/80
D.
https/443
The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service
Node?
The NAC Agent uses which port and protocol to send discovery packets to an ISE Policy Service
Node?
A.
tcp/8905
B.
udp/8905
C.
http/80
D.
https/443
This answer seems to be totally wrong!
Check this out from Cisco web site:
Discovery Process
When the NAC agent starts, it follows this sequence:
HTTP discovery probe on port 80 to discovery host, if one is configured.
HTTPS discovery probe on port 8905 to the discovery host, if one is configured.
HTTP discovery probe on port 80 to default gateway.
HTTPS reconnect probe on 8905 to previously contacted ISE policy node.
Repeat from 1.
Successful posture validation depends on the agent reaching the policy node that authenticated the original 802.1x/MAB session and receiving the session information. This information is available to the switch but not the agent. The agent attempts to connect to any node when it comes up.
In steps 1 and 3, notice that the NAC agent uses HTTP traffic to port 80 specifically to reach the discovery host or the default gateway. This process occurs because the ISE client provisioning flow requires port 80 to be redirected to the ISE policy node that authenticated the session. As long as the control path processor (CPP) flow and URL redirect configuration is correct and working, any NAC agent in the network should experience no problems reaching the correct policy node. One caveat to remember is that the redirect URL contains the hostname of ISE, so the client machine should be able to resolve that to the IP of the policy node.
If URL redirect is not working or is not configured, then steps 2 and 4 are used as failover. These steps are used only if you have configured a discovery host or if the agent has connected to this ISE deployment previously. Even if the agent gets to a Policy Decision Point (PDP) using step 2 or 4, it does not guarantee that the posture validation will succeed because the session information may not be available on that PDP.
In order to work around this issue, node groups can be set up to share session information. However, it is much simpler to configure and get URL redirection working.
Verify
In order to verify whether the NAC agent will be able to reach the policy node, open a browser on the client machine and go to this URL: https://:8905/auth/discovery
ISE should return a page that includes this text: X-Perfigo-CAS=
http://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide/ise_app_e-ports.html
You only see some signs but such signs cannot end up
being a firm evidence to accuse her of cheating
that you. The answer is essentially the most ancient one:
good upbringing and good parenting. Are you in demand for recording the phone call information of
one’s child or others’ cellphone?? This is a really good way to how to
catch a cheating wife without arousing unnecessary suspicion.