Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17167
Views
87
Helpful
107
Replies

Ask the Expert: Implementing and Troubleshooting Cisco Identity Services Engine (ISE)

Monica Lluis
Level 9
Level 9

‎12-03-2015 02:37 PM - edited ‎03-10-2019 11:17 PM

Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to ask questions about Cisco Identity Service Engine (ISE) to  Artem Tkachov and Wojciech Cecot. 

Join the Discussion : Cisco Ask the Expert

Ask questions from Monday December 14 to Wednesday December 23rd , 2015

The Cisco Identity Services Engine (ISE) helps IT professionals meet enterprise mobility challenges and secure the evolving network across the attack continuum. The market-leading platform for security-policy management, it unifies and automates access control to enforce compliance-driven role-based access to networks and network resources. 

This session will help customers with troubleshooting, configuring and implementing ISE solutions in their networks.

 

Artem and Wojciech will be helping you with all your queries on all of the above.

 

Artem Tkachov is a Customer Support Engineer in Cisco TAC Security team in Poland. He has been working with TAC for past 3 years and has 8 years of industry experience working with enterprise deployment and troubleshooting. His areas of expertise currently includes Firewalls, VPNs, AAA, 802.1X (MacSec/TrustSec), ISE (BYOD, HotSpot, etc.), ACS, as well as knowledge and in Routing and Switching, Service Provider, Data Center technologies. Artem holds CCIE certifications (# 39668) in Routing and Switching, Service Provider, Wireless, as well as CCNP in Security, JNCIS-SP, RHCSA, and ITIL certification.

 

 

 

Wojciech Cecot is a Customer Support Engineer in Cisco TAC Security team in Poland. He has been working with TAC since May 2014 and has 3 years of industry experience working with enterprise deployment and troubleshooting. His area of expertise covers ISE, TrustSec, BYOD, ACS 5.x, 802.1x. Prior to joining Cisco, he worked as a junior system engineer at Comarch. He is graduated with a Bachelor's and Master's degrees in Electronics and Telecommunications from AGH University of Science and Technology.

 

Find other  https://supportforums.cisco.com/expert-corner/events.

Because of the volume expected during this event, Artem and Wojciech might not be able to answer every question. 

**Ratings Encourage Participation! **
Please be sure to rate the Answers to Questions

 

Join the Discussion : Cisco Ask the Expert

I hope you and your love ones are safe and healthy
Monica Lluis
Community Manager Lead
6 people had this problem
Labels:
0 Helpful
107 Replies 107

Jorge Neyton Avila Pacheco
Level 4
Level 4

‎12-21-2015 07:12 PM

Hi Team,

I have an scenario in where we have multiple remote sites (30) running multiple brands in the different layers: Switching Acces/Core, Wireless, Security., a customer wants to get ISE in order to provide centrilazed authentication: username and password., in case any user wants to connect to the network and have certain of privileges to connect through network internally between the sites.

Can you please confirm if ISE can interact with multiple brands: Avaya, Ruckus, Sonicwall, HP and CISCO in order to provide the security authentication with all brands? Please provide documentation for this specific requirement.

Thanks.

Neyton

0 Helpful

Artem Tkachov
Level 1
Level 1
In response to Jorge Neyton Avila Pacheco

‎12-21-2015 11:49 PM

Hello Neyton,

Thank you for your question.

Cisco ISE conforms to the following RFCs:
    •    RFC 2138—Remote Authentication Dial In User Service (RADIUS)
    •    RFC 2139—RADIUS Accounting
    •    RFC 2865—Remote Authentication Dial In User Service (RADIUS)
    •    RFC 2866—RADIUS Accounting
    •    RFC 2867—RADIUS Accounting Modifications for Tunnel Protocol Support
    •    RFC 5176—Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)

If your 3rd party device is compatible with RFCs above, it shouldn't be any issue to integrate it with Cisco ISE.

Also, starting from ISE 2.0, you can utilize TACACS+ protocol for AAA actions with any device what supports this protocol. There are some guides on Cisco.com, one of them is below:

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200208-Configure-ISE-2-0-IOS-TACACS-Authentic.html

Thanks

/Artem

Jorge Neyton Avila Pacheco
Level 4
Level 4
In response to Artem Tkachov

‎12-22-2015 04:30 AM

Thanks Artem! :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents