ASA 5505 and ISE
Hi, Wishing you all the best in the New Year!
I have a situation and need some advices. I have a client deployed asa 5505 as easy vpn hard client (nem mode) on remote location, it is working great. Client would like to lock down the built-in switchports to prevent issues when people plug random devices in to keep them off the network.
One thing comes to mind - dot1x but asa and the built-in switch port does not support dot1x feature, so an external cisco switch is needed. I would like not to add external device to asa 5505 if possible. What are the other options? Lock down authorized user PC's MAC address, it works but not flexible sicne user may be roaming around. I am thinking posturing, can ISE support this and how to integrate with asa? Any suggestion are appreciated. Thanks