The first gateway is at an IP of 192.168.0.245 and the second gateway is at 192.168.0.240.We ha. Howdy spicepeeps!Hopefully this has a pretty straightforward answer.We have a site where for reasons I will not go into there are two gateways to the internet. How to weight the gateways handed out via DHCP.It can do a whole load of other things, and this is before a user logs in and it fully integrates with AD. It can then check for AV, and if the AV definitions are a certain amount of time out or date, maybe 5 days since the last received update and you specify nothing you connect must have AV definitions more then 3 days old, and as long as it has the Eric.txt file, the device can join the network, but is placed in a holding VLAN and updates provided, when the updates complete, it can then join the full production environment. When a devices connects, Cisco ISE can check the specified location for the specified file (in this case Eric.txt in the C drive), not file, no connection. It can check for anything that can be interrogated on the computer (switch, router, printer, anything connecting to the network), so you could put a text file call Eirc.txt (or any other type of file or an existing one) in a particular folder. You can even get it to check the hardware connecting to the network is known, approved and meets the criteria you wold like. Identity Services Engine, this can do everything you have said. Ideally I would recomend something like Cisco's Sure someone would need to know how to do that and have a valid MAC address, but seriously, the risk that would be outstanding given the numbers you've provided is not a risk I would personally or professionally recommend. Basing authentication on MAC address is possible, but it will have a large management overhead (I think massive management is probably more accurate) and MAC addresses are trivial to spoof, and therefore completely render you main security measure completely useless.
0 kommentar(er)
