Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
815
Views
2
Helpful
2
Replies

Cisco ISE Multiple Sites

Go to solution
Leonardo Santana
Spotlight
Spotlight

‎08-24-2023 04:50 PM

Hi how can i make policy sets with Cisco ISE for multiple sites?

I just want to use 802.1x for wired and wireless network.

 Its better to create a policy set to each site?

Example:
SITE A (Headquarter)
SITE B (Branch 1)
SITE C (Branch 2)
SITE D (Branch 3)

Regards
Leonardo Santana

*** Rate All Helpful Responses***
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎08-24-2023 06:47 PM

The only reason to do that would be if you need to provide different authorization on a per-site basis, which would not scale well and would be an operational burden. Ideally, you would create a centralised policy that would apply to all sites.

I would suggest reviewing the Cisco ISE Secure Wired Access Prescriptive Deployment Guide for example policies.

If you're new to ISE, there are also various Webinars available to gain a better understanding of the features and best practices.
https://cs.co/ise-resources#Learn

 

View solution in original post

Go to solution
thomas
Cisco Employee
Cisco Employee

‎08-28-2023 11:00 AM

Only create different policy sets if your policies are indeed different otherwise, keep your life and policies simple and use the same everywhere! You typically want to create different policy sets for different access methods (wired, wireless, VPN) or authentication types (MAB, 802.1X) or scenarios (Corporate, IOT, Guest) or locations (country, region, zone, etc.) or any combinations of these as needed.

See ISE Authentication and Authorization Policy ReferencePolicy Set Conditions

We also had an ISE webinar  Building ISE RADIUS Policy Sets 2022/05/03

and another one on ▷ Managing Network Devices in ISE 2022/04/05 :

19:10 RADIUS with an Undefined Network Device
21:08 Enable and Use the Default Network Device
24:43 Network Device with an IP Range
26:30 Network Device with a Specific IP Address
28:00 Packet Capture Review
31:46 Network Device Groups (NDGs)
34:12 CSV Export & Import of NDGs and Network Devices

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎08-24-2023 06:47 PM

The only reason to do that would be if you need to provide different authorization on a per-site basis, which would not scale well and would be an operational burden. Ideally, you would create a centralised policy that would apply to all sites.

I would suggest reviewing the Cisco ISE Secure Wired Access Prescriptive Deployment Guide for example policies.

If you're new to ISE, there are also various Webinars available to gain a better understanding of the features and best practices.
https://cs.co/ise-resources#Learn

 

Go to solution
thomas
Cisco Employee
Cisco Employee

‎08-28-2023 11:00 AM

Only create different policy sets if your policies are indeed different otherwise, keep your life and policies simple and use the same everywhere! You typically want to create different policy sets for different access methods (wired, wireless, VPN) or authentication types (MAB, 802.1X) or scenarios (Corporate, IOT, Guest) or locations (country, region, zone, etc.) or any combinations of these as needed.

See ISE Authentication and Authorization Policy ReferencePolicy Set Conditions

We also had an ISE webinar  Building ISE RADIUS Policy Sets 2022/05/03

and another one on ▷ Managing Network Devices in ISE 2022/04/05 :

19:10 RADIUS with an Undefined Network Device
21:08 Enable and Use the Default Network Device
24:43 Network Device with an IP Range
26:30 Network Device with a Specific IP Address
28:00 Packet Capture Review
31:46 Network Device Groups (NDGs)
34:12 CSV Export & Import of NDGs and Network Devices

0 Helpful
Customers Also Viewed These Support Documents