Right, in an "and" condition they all need to match to assign the
token. I can't think of a reason off the top of my head for choosing
one over the other, so I'd have to lab it up.
Regards,
Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
::Message Sent from iPhone::
IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
(R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
Security & Service Provider) Certification Training with locations
throughout the United States, Europe and Australia. Be sure to check
out our online communities at www.ipexpert.com/communities and our
public website at www.ipexpert.com.
On Apr 10, 2010, at 10:52 AM, Paul Alexander <[email protected]> wrote:
I think we're talking about something different.
You mention that the difference is in the values you match on.
That's when you create the actual conditions (PA:OS, Host:Hotfixes,
Host:Kernel etc).
After that you assign a posture token to the condition set... the
option is Cisco:Host or Cisco:PA (Healthy, Quarantine, etc.).
If you create an AND logic condition that includes Cisco:PA and
Cisco:Host match statements, they all still need to match before it
can assign a token, right? So when choosing the type of token to
assign, why would you assign a Cisco:Host token over a Cisco:PA token?
Sorry for battering this to death, but I'm not quite getting it.
Regards,
Paul
On Sat, Apr 10, 2010 at 6:24 PM, Brandon Carroll <[email protected]> wrote:
The difference is in the values you are matching on.
Regards,
Brandon Carroll - CCIE #23837
On Apr 10, 2010, at 10:18 AM, Paul Alexander <[email protected]> wrote:
Okay, I think I get some of that. Here's the example I'm confused by:
Condition 1
Cisco:PA:OS-Type contains Windows 2000
AND
Cisco:Host:Hotfixes=KB14478
Posture Token= Cisco:Host:Healthy
Condition 2
Default
Posture Token Cisco:Host:Quarantine
Now, in this case, what is the difference in me using Cisco:Host
instead of Cisco:PA for the posture tokens (Healthy and Quarantine)?
Thanks for all your help mate, it's appreciated.
Paul.
On Sat, Apr 10, 2010 at 5:27 PM, Brandon Carroll <[email protected]> wrote:
I understand. It can be frustrating.
So basically yes you need the CTA to get the posture information
back to ACS. Take a read of this: http://www.cisco.com/en/US/docs/security/cta/admin_guide/ctaPlugn.html#wp1043483
and if it's still giving you a hard time let me know.
Basically you have application posture tokens that can be
different. So Cisco:Host values can posture to Healthy and
Cisco:PA can posture to Quarantine. Then, of the two different
application posture tokens, ACS takes the lowest value, in this case
Quarantine, and assigns that as the System Posture Token. Here is
another way to look at it.
Let's say you want to see the following:
Cisco:Host:HotFixes=KB65643
and that equals Healthy, else assign Quarantine as the Application
Posture Token.
and
Cisco:PA:OS-Type=Windows XP Professional
and that equals Healthy, else assign Quarantine as the Application
Posture Token.
If both items are true the System Posture Token would be Healthy.
If only one is true the other will assign the Application Posture
Token of Quarantine, and ACS looks at both, picks the lowest and
assigns the System Posture Token to Quarantine.
HTH
Regards,
Brandon Carroll - CCIE #23837
On Apr 10, 2010, at 9:07 AM, Paul Alexander wrote:
ssign a token of 'Cisco:PA Healthy' as opposed to 'Cisc
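As an added illustration of the "ACS picks the lowest token" rule Brandon describes above, here is a small model of the evaluation. It is my own example, not Cisco's code and not something posted in the thread. It assumes: the standard Cisco NAC token ranking (only Healthy and Quarantine appear in the thread; Checkup, Transition, Infected and Unknown and their order are assumed), top-down rule evaluation with the default rule last, an Unknown result when nothing matches, and constructed posture reports standing in for what the CTA would send.

```python
"""Model of ACS posture evaluation: each application (Cisco:Host, Cisco:PA)
gets an Application Posture Token (APT) from its own rule set, and the
System Posture Token (SPT) is the lowest (worst) APT.  Example code, not
Cisco's implementation."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Ranking from best to worst.  Healthy and Quarantine come from the thread;
# the other names and this ordering are assumed (standard Cisco NAC tokens).
TOKEN_ORDER = ["Healthy", "Checkup", "Transition", "Quarantine", "Infected", "Unknown"]


def worst(a: str, b: str) -> str:
    """Return whichever of two tokens sits further down TOKEN_ORDER."""
    return a if TOKEN_ORDER.index(a) >= TOKEN_ORDER.index(b) else b


@dataclass
class Condition:
    attribute: str  # e.g. "Cisco:Host:HotFixes" or "Cisco:PA:OS-Type"
    op: str         # "=" (exact match) or "contains" (substring), as in the thread
    value: str

    def matches(self, posture: Dict[str, str]) -> bool:
        actual = posture.get(self.attribute)
        if actual is None:  # attribute not reported by the CTA at all
            return False
        if self.op == "=":
            return actual == self.value
        if self.op == "contains":
            return self.value in actual
        raise ValueError(f"unsupported operator {self.op!r}")


@dataclass
class Rule:
    conditions: List[Condition]  # AND: every condition must match; [] is the default rule
    token: str

    def matches(self, posture: Dict[str, str]) -> bool:
        return all(c.matches(posture) for c in self.conditions)


def application_token(rules: List[Rule], posture: Dict[str, str]) -> str:
    """First matching rule wins (top-down); a rule with no conditions is the default."""
    for rule in rules:
        if rule.matches(posture):
            return rule.token
    return "Unknown"  # assumption: nothing matched and there was no default rule


def system_token(policies: Dict[str, List[Rule]],
                 posture: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Evaluate every application's rule set, then take the lowest APT as the SPT."""
    apts = {app: application_token(rules, posture) for app, rules in policies.items()}
    spt = "Healthy"
    for apt in apts.values():
        spt = worst(spt, apt)
    return spt, apts


# The two rule sets from Brandon's second example, one per application.
THREAD_POLICIES = {
    "Cisco:Host": [
        Rule([Condition("Cisco:Host:HotFixes", "=", "KB65643")], "Healthy"),
        Rule([], "Quarantine"),
    ],
    "Cisco:PA": [
        Rule([Condition("Cisco:PA:OS-Type", "=", "Windows XP Professional")], "Healthy"),
        Rule([], "Quarantine"),
    ],
}

# Constructed posture reports (not real CTA output).
PATCHED_XP = {"Cisco:Host:HotFixes": "KB65643",
              "Cisco:PA:OS-Type": "Windows XP Professional"}
UNPATCHED_XP = {"Cisco:Host:HotFixes": "KB11111",
                "Cisco:PA:OS-Type": "Windows XP Professional"}

if __name__ == "__main__":
    for name, report in [("patched", PATCHED_XP), ("unpatched", UNPATCHED_XP)]:
        spt, apts = system_token(THREAD_POLICIES, report)
        print(f"{name}: APTs={apts} -> SPT={spt}")
```

Running it shows the behaviour from the thread: when both rule sets match, both APTs are Healthy and so is the SPT; when only the OS check passes, Cisco:Host falls to its Quarantine default and the SPT follows the lower of the two.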
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com