Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 128

An engineer is configuring Cisco ISE policies to support MAB for devices that do not have 802.1X capabilities. The engineer is configuring new endpoint identity groups as conditions to be used in the AuthZ policies, but noticed that the endpoints are not hitting the correct policies. What must be done in order to get the devices into the right policies?

Answer options

• A. Create an AuthZ policy to identify Unknown devices and provide partial network access prior to profiling.
• B. Add an identity policy to dynamically add the IP address of the devices to their endpoint identity groups.
• C. Identify the non 802.1X supported device types and create custom profiles for them to profile into.
• D. Manually add the MAC addresses of the devices to endpoint ID groups in the context visibility database.

Correct answer: D

Explanation

The correct answer is D because manually adding the MAC addresses ensures that the devices are associated with the right endpoint identity groups, allowing them to be recognized in the policies. Options A, B, and C do not directly address the issue of the endpoints not hitting the correct policies, as they focus on profiling or partial access rather than proper identification through the context visibility database.