NoTouch OS and Cisco Identity Services Engine (ISE) Leading Practices

This article describes leading practices for integrating NoTouch OS devices with Cisco's ISE zero-trust framework.

Cisco Identity Services Engine (usually referred to as Cisco ISE) is a product that secures network access. ISE profiles network devices and decides whether to allow or deny each device. In such enterprise scenarios, the question usually comes up of how to recognize NoTouch OS systems and write rules for them.

It is important to note that devices do not talk directly to ISE (that would be too easy...); instead, ISE collects information from other sources, such as DHCP, RADIUS, LLDP, etc.

Suggestions are:

  • Use LLDP and set a custom system description.
  • Use SNMP; specifically, you can query the Stratodesk MIB.

Based on all the information provided to the network, and when network authentication is in use, ISE and RADIUS work together to either allow or deny the device access to the network.
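How these signals combine in practice, as an added illustrative model (not Stratodesk or Cisco code): ISE's profiler adds a certainty factor for each matching condition and assigns a profile once the total reaches a minimum, and access is then granted only together with RADIUS authentication. The attribute names, the custom LLDP string and the MIB OID below are constructed placeholders, not values from the real Stratodesk MIB.

```python
from dataclasses import dataclass

# Assumed custom LLDP system description configured on the NoTouch devices.
NOTOUCH_LLDP_DESCR = "NoTouch OS thin client, managed by NoTouch Center"
# Placeholder for an object in the Stratodesk MIB; the real OID is not given here.
STRATODESK_OID = "1.3.6.1.4.1.EXAMPLE.1.0"
MIN_CERTAINTY = 50  # total needed before the NoTouch profile is assigned

@dataclass(frozen=True)
class Condition:
    attribute: str           # attribute as collected by ISE (constructed names)
    expected: str            # value or substring it must carry
    certainty: int           # weight added when the condition matches
    substring: bool = False  # substring match instead of exact match

# Profile built from the two signals suggested above: LLDP description and SNMP.
NOTOUCH_PROFILE = (
    Condition("lldpSystemDescription", "NoTouch OS", 30, substring=True),
    Condition(f"snmp:{STRATODESK_OID}", "present", 30),
)

def matches(cond: Condition, attrs: dict) -> bool:
    value = attrs.get(cond.attribute)
    if value is None:
        return False
    return cond.expected in value if cond.substring else value == cond.expected

def profile_certainty(attrs: dict) -> int:
    """Sum the certainty factors of every matching NoTouch condition."""
    return sum(c.certainty for c in NOTOUCH_PROFILE if matches(c, attrs))

def is_notouch(attrs: dict) -> bool:
    return profile_certainty(attrs) >= MIN_CERTAINTY

def authorize(attrs: dict) -> str:
    """The profile alone grants nothing: RADIUS authentication must also succeed."""
    if is_notouch(attrs) and attrs.get("radiusAuthStatus") == "authenticated":
        return "permit"
    return "deny"

# Constructed endpoint records, as ISE would assemble them from switch data.
GENUINE = {"lldpSystemDescription": NOTOUCH_LLDP_DESCR,
           f"snmp:{STRATODESK_OID}": "present",
           "radiusAuthStatus": "authenticated"}
# Only the self-reported LLDP string matches: a single free-form attribute is not enough.
LLDP_ONLY = {"lldpSystemDescription": NOTOUCH_LLDP_DESCR}

if __name__ == "__main__":
    print("genuine:", authorize(GENUINE), "| lldp only:", authorize(LLDP_ONLY))
```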