01-03-2016 10:59 AM - edited 03-10-2019 11:21 PM
Hi Everybody,
Newbie to ISE. I want help/suggestions on how to deploy ISE in my network, or comments on whether my plan is efficient.
ISE, servers (all) and corporate machines (Dot1x and domain) in VLAN 10.
Guests should be in a separate VLAN 20.
By default all switch ports should be in VLAN 30, having nothing but DHCP.
Every endpoint should come in through VLAN 30 and then be pushed to its respective VLAN, i.e. to 10 if a corp (Dot1x) PC and to guest VLAN 20 if MAB and not listed in endpoints.
Is this an efficient deployment?
Secondly, is inter-VLAN routing required in this scenario for the endpoints to be policed properly?
Should ISE be able to communicate with and police endpoints that are not in its VLAN?
01-04-2016 11:22 AM
Hi,
ISE deployment needs a lot of consideration of many aspects. I suggest reading through the Cisco documentation to get familiar.
http://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Security/TrustSec_2-0/trustsec_2-0_dig.pdf
A Cisco ISE node has many roles: Admin, Monitor and Policy Service. The policy service node (PSN) is the one that plays the role of RADIUS server (Advanced RADIUS, to be precise) to handle AAA requests.
For internal hosts' dot1x authentication, you can have an ISE PSN in the internal LAN (same VLAN as servers or users), whereas for wireless guests you can use a dedicated PSN or share the PSN, depending on security requirements.
Cheers,
Vidy
Please don't forget to rate this post if useful.
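
The VLAN plan from the question, modelled as an added example (not part of the thread, and not ISE's own logic or configuration): a decision function plus the RFC 3580 tunnel attributes a RADIUS server puts in the Access-Accept to move a port into a VLAN. The function names, the endpoint list and MAC addresses are constructed, and the 802.1X-then-MAB fallback and the handling of listed MAB endpoints are assumptions the thread does not state.

```python
import struct

# VLAN plan from the question above
VLAN_CORP, VLAN_GUEST = 10, 20   # VLAN 30 is the static port default

# RADIUS attribute numbers (RFC 2868) used for VLAN assignment (RFC 3580)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Constructed sample: MAC addresses listed as known endpoints
KNOWN_ENDPOINTS = {"00:11:22:33:44:55"}


def authorize(dot1x_ok, mac):
    """Return the VLAN to push, or None to leave the port in VLAN 30."""
    if dot1x_ok:
        return VLAN_CORP
    # Assumption: the switch falls back to MAB when 802.1X does not succeed
    if mac.lower().replace("-", ":") not in KNOWN_ENDPOINTS:
        return VLAN_GUEST
    return None  # assumption: the plan does not say what listed MAB hosts get


def tunnel_attrs(vlan, tag=1):
    """Encode the three tagged tunnel attributes of an Access-Accept."""
    def int_attr(attr_type, value):
        # type, length (always 6), tag, 3-byte value
        return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")
    vid = str(vlan).encode("ascii")   # VLAN ID travels as a decimal string
    group = struct.pack("!BBB", TUNNEL_PRIVATE_GROUP_ID, 3 + len(vid), tag) + vid
    return int_attr(TUNNEL_TYPE, TT_VLAN) + int_attr(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802) + group


if __name__ == "__main__":
    for ok, mac in [(True, "AA-BB-CC-00-00-01"), (False, "aa:bb:cc:00:00:02"),
                    (False, "00:11:22:33:44:55")]:
        vlan = authorize(ok, mac)
        print(mac, vlan, tunnel_attrs(vlan).hex() if vlan else "no VLAN override")
```

These attributes are returned to the switch, which is the RADIUS client of the PSN; the endpoint itself does not exchange RADIUS with the PSN.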