Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1131
Views
10
Helpful
6
Replies

ISE beginner questions

Go to solution
yoshipower
Level 1
Level 1

‎05-07-2013 02:29 AM - edited ‎03-10-2019 08:24 PM

Hi there,

I've recently done the inventory of my Cisco network with LAN Management Software and now I have to deploy Identity Service Engine on each device.

Thanks to LMS, I've been able to know on which switch I had to update the IOS, but now I've got some basic questions :

1) ISE allows you to authenticate users via 802.1x as a Radius server would do it, am I wrong ?

2) Does this software offer an automated switch configuration tool, or do I have to configure 802.1x authentication on each switch, one by one ?

I'm asking this because of this page which scares me : http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_sw_cnfg.html

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
bhaaaskar
Level 1
Level 1

‎05-07-2013 02:48 AM

Yes it work as a Radius Server and you can use external database also like Microsoft's Active Directory.

You have to manually configure the 802.1x authentication on each switch.

View solution in original post

0 Helpful

Go to solution
askhuran
Level 1
Level 1

‎05-07-2013 04:33 AM

The Cisco Identity Services Engine (ISE) is an all-in-one enterprise  policy control product that enables comprehensive secure wired,  wireless, and VPN access, leading to more productive workers and lower  operations costs. ISE provides context-aware identity based Access  Control Solution with comprehensive visibility into who is accessing,  what, where, and when.

ISE does not offer any automated switch configuration tool, however it  only enforces authorization policies on the switch through dACL, VLAN  etc.

Yes, You need to configure every switch, though you can reuse some of the configuration which is common.

Cisco Prime is the configuration tool for your requirement. You can find more information at the following location:

http://www.cisco.com/en/US/partner/docs/net_mgmt/prime/infrastructure/1.3/release/notes/cpi_rn_13.html

View solution in original post

6 Replies 6

Go to solution
bhaaaskar
Level 1
Level 1

‎05-07-2013 02:48 AM

Yes it work as a Radius Server and you can use external database also like Microsoft's Active Directory.

You have to manually configure the 802.1x authentication on each switch.

0 Helpful

Go to solution
yoshipower
Level 1
Level 1
In response to bhaaaskar

‎05-07-2013 03:57 AM

Thank you for your fast answer.

Another question : In the document I've linked above, there are plenty of things to configure (about 10 items)

Are they all obligatory to set up in order to make ISE work ? Which one of them are essentials ?

0 Helpful

Go to solution
askhuran
Level 1
Level 1

‎05-07-2013 04:33 AM

The Cisco Identity Services Engine (ISE) is an all-in-one enterprise  policy control product that enables comprehensive secure wired,  wireless, and VPN access, leading to more productive workers and lower  operations costs. ISE provides context-aware identity based Access  Control Solution with comprehensive visibility into who is accessing,  what, where, and when.

ISE does not offer any automated switch configuration tool, however it  only enforces authorization policies on the switch through dACL, VLAN  etc.

Yes, You need to configure every switch, though you can reuse some of the configuration which is common.

Cisco Prime is the configuration tool for your requirement. You can find more information at the following location:

http://www.cisco.com/en/US/partner/docs/net_mgmt/prime/infrastructure/1.3/release/notes/cpi_rn_13.html

Go to solution
bhaaaskar
Level 1
Level 1
In response to askhuran

‎05-07-2013 09:08 AM

Yes Ashok is absolutley right thanks for such a detailed explanation.

0 Helpful

Go to solution
Vinay Sharma
Level 7
Level 7
In response to askhuran

‎05-07-2013 11:50 PM

Thanks Ashok for sharing the useful info, 5+.

Regards,

Vinay Sharma

Community Manager

Thanks & Regards
0 Helpful

Go to solution
askhuran
Level 1
Level 1
In response to Vinay Sharma

‎05-08-2013 02:33 AM

You are welcome Vinay

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents