ISE Deployment

Dmitry Golovenkin · ‎04-10-2014

Hello,

I want to make sure I have everything I need for the deployment of Cisco ISE. The reason for deployment is to stop people plugging in their infected devices.

Current network has:

Microsoft 2003 Active Directory Server/DHCP and DNS
Cisco 3750X and 2960S switches
Cisco ASA5512-X Firewalls
Windows 7/8 and Mac OS X devices on wireless and wired
Extricom Wireless controller and Extricom Aps

For ISE Deployment I have the following:

Cisco Secure Network Server 3415:

SNS-3415-K9 and SMARTnet CON-SNT-SNS-3415

Licence for 250 Users:

L-ISE-W-S-250=

Please advise if I need anything else?

kaaftab · ‎04-10-2014

well you have covered the basic requirement but you have not mentioned the level of security you want to achieve by this deployment the only issue i can see is that will be the compatibility of Extricom Wireless controller and Extricom Aps .Do do share if you want simple AD authentication or you have any other thing planned.Also check the SKU you mentioned.

Dmitry Golovenkin · ‎04-10-2014

Just want to force users to authenticate their devices before allowing access on the network. Do I need Cisco Prime or it's not required?

kaaftab · ‎04-10-2014

No Prime is not essential.

Tarik Admani · ‎04-11-2014

We need to make sure which route you plan to use to insure that the device is connected. You can use eap-tls to insure that the certificate used to authenticate the device. If you do not want to support a CA then i suggest looking at the eap-chaining feature on the Cisco anyconnect NAM, it forces machine and user authentication so you can be certain that only domain assets are connected to your wired or wireless network.

Venkatesh Attuluri · ‎04-15-2014

make sure you have

Catalyst 2960-S Recommended OS Version IOS v 12.2(55)-SE3
Catalyst 3750-X Recommended OS Version IOS v 15.0.2-SE2 (ED) IP BASE

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html