Adaptive Network Control (ANC) Policies

Adaptive Network Control (ANC) is a service that runs on the Cisco ISE Policy Administration Node (PAN) that you can use to monitor and control network access for endpoints. ANC supports wired and wireless deployments.

You can invoke ANC actions on endpoints using APIs or scripts.

The following scripts are available:

• Quarantine authenticated 802.1X endpoint
• Unquarantine (clear) the endpoint
• Provide a list of endpoints, based on triggered ANC policy
• Subscribe to ANC capability to receive remediation and provisioning notices

ANC Endpoint and ANC Policy are documented in the Cisco ISE API Reference Guide.

• https://developer.cisco.com/docs/identity-services-engine/v1/ancendpoint/
• https://developer.cisco.com/docs/identity-services-engine/v1/ancpolicy/

The following actions are available:

• QUARANTIINE: Disconnects the target client (after which it may reconnect)
• RE_AUTHENTICATE: Forces the target client to do Re-Authentication, optionally implement an updated policy. This requires pxGrid 2.0.
• SHUTDOWN: For a wired device, shutdown the port of the device, preventing reconnection.