cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1287
Views
10
Helpful
6
Replies

ISE beginner questions

yoshipower
Level 1
Level 1

Hi there,

I've recently done the inventory of my Cisco network with LAN Management Software and now I have to deploy Identity Service Engine on each device.

Thanks to LMS, I've been able to know on which switch I had to update the IOS, but now I've got some basic questions :

1) ISE allows you to authenticate users via 802.1x as a Radius server would do it, am I wrong ?

2) Does this software offer an automated switch configuration tool, or do I have to configure 802.1x authentication on each switch, one by one ?

I'm asking this because of this page which scares me : http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_sw_cnfg.html

2 Accepted Solutions

Accepted Solutions

bhaaaskar
Level 1
Level 1

Yes it work as a Radius Server and you can use external database also like Microsoft's Active Directory.

You have to manually configure the 802.1x authentication on each switch.

View solution in original post

askhuran
Level 1
Level 1

The Cisco Identity Services Engine (ISE) is an all-in-one enterprise  policy control product that enables comprehensive secure wired,  wireless, and VPN access, leading to more productive workers and lower  operations costs. ISE provides context-aware identity based Access  Control Solution with comprehensive visibility into who is accessing,  what, where, and when.

ISE does not offer any automated switch configuration tool, however it  only enforces authorization policies on the switch through dACL, VLAN  etc.

Yes, You need to configure every switch, though you can reuse some of the configuration which is common.

Cisco Prime is the configuration tool for your requirement. You can find more information at the following location:

http://www.cisco.com/en/US/partner/docs/net_mgmt/prime/infrastructure/1.3/release/notes/cpi_rn_13.html

View solution in original post

6 Replies 6

bhaaaskar
Level 1
Level 1

Yes it work as a Radius Server and you can use external database also like Microsoft's Active Directory.

You have to manually configure the 802.1x authentication on each switch.

Thank you for your fast answer.

Another question : In the document I've linked above, there are plenty of things to configure (about 10 items)

Are they all obligatory to set up in order to make ISE work ? Which one of them are essentials ?

askhuran
Level 1
Level 1

The Cisco Identity Services Engine (ISE) is an all-in-one enterprise  policy control product that enables comprehensive secure wired,  wireless, and VPN access, leading to more productive workers and lower  operations costs. ISE provides context-aware identity based Access  Control Solution with comprehensive visibility into who is accessing,  what, where, and when.

ISE does not offer any automated switch configuration tool, however it  only enforces authorization policies on the switch through dACL, VLAN  etc.

Yes, You need to configure every switch, though you can reuse some of the configuration which is common.

Cisco Prime is the configuration tool for your requirement. You can find more information at the following location:

http://www.cisco.com/en/US/partner/docs/net_mgmt/prime/infrastructure/1.3/release/notes/cpi_rn_13.html

Yes Ashok is absolutley right thanks for such a detailed explanation.

Thanks Ashok for sharing the useful info, 5+.

Regards,

Vinay Sharma

Community Manager

Thanks & Regards

You are welcome Vinay