Wednesday 12 September 2018

Introduction to Cisco ISE

--> Cisco Identity Services Engine (ISE) is a Network Access Control (NAC) and identity-based solution from Cisco.

--> Cisco ISE allows only authorized users to access the network, based on the policy configured in ISE.

--> Cisco ISE architecture is mainly divided into two parts: 1) Identity 2) Context

--> Identity provides information about the user or device, and Context provides additional information about that user or device, such as what, where, when, and how.

--> A good example of identity and context: User A (who) is logged in to the network in the IT Room (where) using Cisco AnyConnect (what) today at 10 p.m. (when) using his Android phone (how).



--> This identity information can be gathered by ISE using various methods, such as:

i) 802.1X

ii) Web Authentication

iii) MAC Authentication Bypass (MAB)

iv) Unauthenticated Guest Access using splash pages

v) Device Profiling

vi) Posture Assessment



--> To implement all of this, ISE must be integrated with network devices such as switches and wireless controllers using the RADIUS protocol.

--> Using the RADIUS protocol, ISE provides the following:

1) Authentication

--> ISE finds out the identity of the user or device from the RADIUS authentication request.

--> We need to configure Authentication Policy in ISE to implement Authentication.

--> Authentication can be implemented using 802.1X authentication, MAB, and Web Authentication.

2) Authorization

--> Once the identity of a user or device is known, we need to specify how much network access it gets.

--> The level of access can be: i) Full Access ii) No Access iii) Restricted Access

--> We need to configure Authorization Policy in ISE to implement Authorization.

3) Accounting

--> Used for tracking user identity information.

--> Records what the user is actually doing in the network.
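The Authentication step above depends on what the switch or wireless controller puts in the RADIUS Access-Request. The following Python code is an added example (not from the original post or from Cisco) that decodes such a request and maps its attributes to the who / where / how view of identity and context. The attribute subset, the function names and the sample packet are constructed for this illustration, and treating Service-Type Call-Check as MAB assumes the usual Cisco switch behaviour.

```python
import ipaddress
import struct

# Attribute numbers from RFC 2865 / RFC 3579 (only the subset decoded here).
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 6: "Service-Type",
         31: "Calling-Station-Id", 61: "NAS-Port-Type", 79: "EAP-Message"}
NAS_PORT_TYPES = {15: "Ethernet", 19: "Wireless-802.11"}

def parse_access_request(packet: bytes) -> dict:
    """Validate the RADIUS header and return the known attributes as raw bytes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError("not an Access-Request (code 1)")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed or truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if atype in ATTRS:
            attrs[ATTRS[atype]] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def identity_and_context(attrs: dict) -> dict:
    """Map attributes to the who / where / how view described above."""
    nas = attrs.get("NAS-IP-Address", b"")
    port = int.from_bytes(attrs.get("NAS-Port-Type", b""), "big")
    service = int.from_bytes(attrs.get("Service-Type", b""), "big")
    # Assumption: Service-Type 10 (Call-Check) marks MAB, as Cisco switches send it.
    method = "802.1X" if "EAP-Message" in attrs else "MAB" if service == 10 else "other"
    return {"who": attrs.get("User-Name", b"").decode(errors="replace"),
            "where": str(ipaddress.ip_address(nas)) if len(nas) == 4 else None,
            "how": NAS_PORT_TYPES.get(port, "unknown"),
            "endpoint": attrs.get("Calling-Station-Id", b"").decode(errors="replace"),
            "method": method}

def tlv(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

# Constructed sample (not a capture): MAB request relayed by switch 192.0.2.10.
BODY = (tlv(1, b"aabbccddeeff") + tlv(4, bytes([192, 0, 2, 10]))
        + tlv(6, (10).to_bytes(4, "big")) + tlv(31, b"AA-BB-CC-DD-EE-FF")
        + tlv(61, (15).to_bytes(4, "big")))
SAMPLE_MAB = struct.pack("!BBH", 1, 7, 20 + len(BODY)) + bytes(16) + BODY
```

Calling identity_and_context(parse_access_request(SAMPLE_MAB)) returns the MAC address as "who", the switch address as "where" and Ethernet as "how". The "what" and "when" parts of the context are not carried in these attributes.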

Ref: Cisco.com

Md.Kareemoddin

CCIE # 54759
