When a wired client connects to an edge switch in a Cisco SD-Access fabric, which component decides whether the client has access to the network?
When a wired client connects to an edge switch in a Cisco SD-Access fabric, which component decides whether the client has access to the network?
The component that decides whether a wired client has access to the network in a Cisco SD-Access fabric is the Identity Services Engine (ISE). ISE is responsible for providing authentication, authorization, and accounting (AAA) services. When a client connects to an edge switch, ISE identifies the user, enforces network policies, and assigns the appropriate network access based on the client's credentials. RADIUS server, while related, does not operate independently in this specific architecture; it operates through ISE.
I think its B: ISE
Identity Service Engine (ISE) identify user gives users specific permission & policy.
poor question if asked that way since both are technically correct (B & C). ISE is of course a radius server, and you can leverage a third party radius server + ISE for SDA. If they had used creative wording then maybe they were trying to trick you, you can't run SDA with only a third party radius server, you still need ISE. ex. https://community.cisco.com/t5/networking-documents/how-to-use-group-based-policies-with-3rd-party-radius-using/ta-p/3930041
it should be B
The correct answer is B, it was even in the CBT nuggets videos. Specifically Explain SD-Access Fabric Operation/User Authentication. So, B is your correct answer.
The answer i think is "B". Why ? 1. Radius does not have ISE feature, 2. ISE has Radius , 3. the key word "Cisco SD-Access fabric" - ISE is part of the SDN concept
https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html#Solution_Components Components of an SD-Access solution include: Cisco DNA Center Hardware Appliance Cisco DNA Center Software Identity Services Engine
B is correct ISE is responsible for identity and access control in a network. It ensures that only authorized clients have access to the network by checking credentials and enforcing access policies. For example, if a wired client with incorrect credentials tries to connect to the network, the ISE would deny access. It is crucial in keeping networks secure by preventing unauthorized access and potential security threats.
..........
B is correct
When a wired client connects to an edge switch in a Cisco SD-Access fabric, the component that decides whether the client has access to the network is the Identity Services Engine (ISE). Therefore, option B is the correct answer. The ISE is a key component of the Cisco SD-Access architecture that provides authentication, authorization, and accounting (AAA) services. When a client connects to an edge switch, the ISE is responsible for determining the client's identity and checking its credentials against a policy database. If the client is authorized to access the network, the ISE instructs the edge switch to assign the appropriate VLAN and apply the appropriate policies. If the client is not authorized, the ISE instructs the edge switch to quarantine the client and provide limited network access.
B is correct
I think should be B
ise is used to allow or not allow access to the network there are policys and permissions assigned in the ise management portal
Correct answer is B ISE You can't run SDA with only a third party radius server, you need ISE
Eventhought 802.1X can run with a 3rd party radius server, for SDA policy to work must be with ISE as use trusect for the security plane.
-B-: It has to be an ISE , a standard RADIUS server isn't sufficient
De ISE server operate as Tacacs+ and the Radius server. If you ask in a SD-Access fabric environment then the answer must be B!
nou, the question is "which component decides"..? Is Radius or ISE ? Radius is a protocol and ISE is a service designed to deliver Radius.. Its tricky..