Overview
  • 06 Jun 2022
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Overview

  • Dark
    Light
  • PDF

Article Summary

Compliance module is a comprehensive auditing and configuration management tool, which helps Administrators to periodically audit the configuration to make sure that authentication is enabled and configured in the network as expected, configure exceptions from authentication for auditing purposes, and rollout 802.1X configuration on network switches.

Configuration Audit

XTENDISE periodically scans all network switches (which are configured in ISE, have RADIUS configuration and have Cisco Network Device Profile). All interface configurations are compared to configured interface templates and evaluated. If all commands are configured on an interface, then the interface is evaluated as Compliant. If there are commands missing, then the interface is evaluated as Non Compliant. If there is at least one Non Compliant interface, then the whole switch is evaluated as Non Compliant.

This evaluation helps you to find configuration defects or security holes in an automated manner. XTENDISE then helps to an administrator to quickly fix the configuration issues on Non Compliant switches with just a few clicks.

Compliance module also gives clear confirmation to external audits, that the ISE is configured as expected and the whole network is secured.

Configuration Exceptions

In every network, there are some interfaces without 802.1X configuration. XTENDISE helps you track these exceptions.

Interface without 802.1X configuration can be marked as exception. Exception requires to fill exception reason and tracks the person who added the exception.

Exceptions can be exported in a list and maintained in a risk management program.

Configuration correction and rollout

Compliance module has a Make Compliant feature which helps Administrators to configure 802.1X configuration on the switches. This can be used in two use cases:

  1. A switch is already configured with 802.1X configuration but has some configuration defects.
  2. A switch is not configured with 802.1X configuration and you want to deploy the configuration on the switch.
Limitations

Compliance module currently support only Cisco Switches.