05-07-2013 02:29 AM - edited 03-10-2019 08:24 PM
Hi there,
I've recently done the inventory of my Cisco network with LAN Management Software and now I have to deploy Identity Service Engine on each device.
Thanks to LMS, I've been able to know on which switch I had to update the IOS, but now I've got some basic questions :
1) ISE allows you to authenticate users via 802.1x as a Radius server would do it, am I wrong ?
2) Does this software offer an automated switch configuration tool, or do I have to configure 802.1x authentication on each switch, one by one ?
I'm asking this because of this page which scares me : http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_sw_cnfg.html
Solved! Go to Solution.
05-07-2013 02:48 AM
Yes it work as a Radius Server and you can use external database also like Microsoft's Active Directory.
You have to manually configure the 802.1x authentication on each switch.
05-07-2013 04:33 AM
The Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and VPN access, leading to more productive workers and lower operations costs. ISE provides context-aware identity based Access Control Solution with comprehensive visibility into who is accessing, what, where, and when.
ISE does not offer any automated switch configuration tool, however it only enforces authorization policies on the switch through dACL, VLAN etc.
Yes, You need to configure every switch, though you can reuse some of the configuration which is common.
Cisco Prime is the configuration tool for your requirement. You can find more information at the following location:
05-07-2013 02:48 AM
Yes it work as a Radius Server and you can use external database also like Microsoft's Active Directory.
You have to manually configure the 802.1x authentication on each switch.
05-07-2013 03:57 AM
Thank you for your fast answer.
Another question : In the document I've linked above, there are plenty of things to configure (about 10 items)
Are they all obligatory to set up in order to make ISE work ? Which one of them are essentials ?
05-07-2013 04:33 AM
The Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and VPN access, leading to more productive workers and lower operations costs. ISE provides context-aware identity based Access Control Solution with comprehensive visibility into who is accessing, what, where, and when.
ISE does not offer any automated switch configuration tool, however it only enforces authorization policies on the switch through dACL, VLAN etc.
Yes, You need to configure every switch, though you can reuse some of the configuration which is common.
Cisco Prime is the configuration tool for your requirement. You can find more information at the following location:
05-07-2013 09:08 AM
Yes Ashok is absolutley right thanks for such a detailed explanation.
05-07-2013 11:50 PM
Thanks Ashok for sharing the useful info, 5+.
Regards,
Vinay Sharma
Community Manager
05-08-2013 02:33 AM
You are welcome Vinay
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide