11-23-2020 02:49 AM
Hi there, and thank you for reading.
Been out of IT infrastructure for a number of years and struggling to get up to speed rapidly.
Im looking at an existing ICE system supporting AAA/ Profiling/BTOD/Guest/Posture services.
We are looking to add some third party switch hardware and door access/cctv endpoints, which we want to be complient with ICE. Am I understanding correctly that the switches just need to support 802.1X, or that need to support 802.1X and have RADIUS and TACACS integration built in?
Do I also understand correctly that ICE can have exceptions for certain nodes and endpoints if there are compatibility issues, but any new devices added to those nodes, a bad actor or such would still be blocked by ICE?
Many thanks in Advance
Fraser
11-23-2020 04:12 AM
- Check below link for examples :
M.
11-23-2020 04:48 AM
here is the device matrix based on the version of ISE you running
11-23-2020 05:36 AM
On top of the links provided take a peek at the ISE Resources links at the top of the 'Network Access Control' community forum as there are really good examples and guides there. Also, for free tutorials for ISE config demos take a look at: Video: Security | Lab Minutes
Am I understanding correctly that the switches just need to support 802.1X, or that need to support 802.1X and have RADIUS and TACACS integration built in?
-Yes. Devices will need to be able to support dot1x and radius. Radius is used between the authenticator (switch) and ISE (authentication server). Note there are specific licenses (Base) needed to support your typical AAA services.
Do I also understand correctly that ICE can have exceptions for certain nodes and endpoints if there are compatibility issues, but any new devices added to those nodes, a bad actor or such would still be blocked by ICE?
-Yes. You will utilize your policy sets to steer policy and allow (authorize) good known clients onto the network. Bad actors should not match any policies and hit the default policy which should be secured (deny access).
HTH!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide