What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?

A laptop was stolen and a network engineer added it to the block list endpoint identity group.
What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?
A. Select DROP under If Auth fail within the authentication policy.
B. Ensure that access to port 8444 is allowed within the ACL.
C. Ensure that access to port 8443 is allowed within the ACL.
D. Select DenyAccess within the authentication policy.


0 thoughts on “What must be done on a new Cisco ISE deployment to redirect the laptop and restrict access?”

  1. I believe the answer is B:

    Blacklist Portal
    Employees do not access this portal directly, but are redirected to it.

    If employees lose their personal device or it is stolen, they can update its status in the My Devices portal, which adds it to the Blacklist endpoint identity group. This prevents others from using the device to obtain unauthorized network access. If anyone attempts to connect to the network using one of these devices, they are redirected to the Blacklist portal which informs them that the device is denied access to the network. If the device is found, employees can reinstate it (in the My Devices portal) and regain network access without having to register the device again. Depending on whether the device was lost or stolen, additional provisioning may be required before the device can be connected to the network.

    You can configure the port settings (default is port 8444) for the Blacklist portal. If you change the port number, make sure it is not being used by another end-user portal.

  2. If the endpoint is dropped, wouldn’t that prevent redirection? I’m thinking the answer may be C.
