12-03-2015 02:37 PM - edited 03-10-2019 11:17 PM
Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to ask questions about Cisco Identity Service Engine (ISE) to Artem Tkachov and Wojciech Cecot.
Ask questions from Monday December 14 to Wednesday December 23rd , 2015
The Cisco Identity Services Engine (ISE) helps IT professionals meet enterprise mobility challenges and secure the evolving network across the attack continuum. The market-leading platform for security-policy management, it unifies and automates access control to enforce compliance-driven role-based access to networks and network resources.
This session will help customers with troubleshooting, configuring and implementing ISE solutions in their networks.
Artem and Wojciech will be helping you with all your queries on all of the above.
Artem Tkachov is a Customer Support Engineer in Cisco TAC Security team in Poland. He has been working with TAC for past 3 years and has 8 years of industry experience working with enterprise deployment and troubleshooting. His areas of expertise currently includes Firewalls, VPNs, AAA, 802.1X (MacSec/TrustSec), ISE (BYOD, HotSpot, etc.), ACS, as well as knowledge and in Routing and Switching, Service Provider, Data Center technologies. Artem holds CCIE certifications (# 39668) in Routing and Switching, Service Provider, Wireless, as well as CCNP in Security, JNCIS-SP, RHCSA, and ITIL certification.
Wojciech Cecot is a Customer Support Engineer in Cisco TAC Security team in Poland. He has been working with TAC since May 2014 and has 3 years of industry experience working with enterprise deployment and troubleshooting. His area of expertise covers ISE, TrustSec, BYOD, ACS 5.x, 802.1x. Prior to joining Cisco, he worked as a junior system engineer at Comarch. He is graduated with a Bachelor's and Master's degrees in Electronics and Telecommunications from AGH University of Science and Technology.
Find other https://supportforums.cisco.com/expert-corner/events.
Because of the volume expected during this event, Artem and Wojciech might not be able to answer every question.
**Ratings Encourage Participation! **
Please be sure to rate the Answers to Questions
12-21-2015 07:12 PM
Hi Team,
I have an scenario in where we have multiple remote sites (30) running multiple brands in the different layers: Switching Acces/Core, Wireless, Security., a customer wants to get ISE in order to provide centrilazed authentication: username and password., in case any user wants to connect to the network and have certain of privileges to connect through network internally between the sites.
Can you please confirm if ISE can interact with multiple brands: Avaya, Ruckus, Sonicwall, HP and CISCO in order to provide the security authentication with all brands? Please provide documentation for this specific requirement.
Thanks.
Neyton
12-21-2015 11:49 PM
Hello Neyton,
Thank you for your question.
Cisco ISE conforms to the following RFCs:
• RFC 2138—Remote Authentication Dial In User Service (RADIUS)
• RFC 2139—RADIUS Accounting
• RFC 2865—Remote Authentication Dial In User Service (RADIUS)
• RFC 2866—RADIUS Accounting
• RFC 2867—RADIUS Accounting Modifications for Tunnel Protocol Support
• RFC 5176—Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
If your 3rd party device is compatible with RFCs above, it shouldn't be any issue to integrate it with Cisco ISE.
Also, starting from ISE 2.0, you can utilize TACACS+ protocol for AAA actions with any device what supports this protocol. There are some guides on Cisco.com, one of them is below:
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200208-Configure-ISE-2-0-IOS-TACACS-Authentic.html
Thanks
/Artem
12-22-2015 04:30 AM
Thanks Artem! :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide