Solved: Re: What are the use cases for IBNS 2.0 if I am already using ISE for

rubrasulyn · ‎01-03-2024

I am working on deploying 802.1X for endpoints (basic IP phones, Windows clients, printers) on an enterprise network using ISE w/ TrustSec in a Cisco only environment (IOS-XE switches). I have done this a few times, however the topic of configuring IBNS 2.0 on the switches has recently come up. I have never used it on any of my previous switch configurations when deploying 802.1X with ISE, so I am completely unfamiliar with it apart from doing some initial reading. I am struggling to understand the upside or benefit to IBSN 2.0 and their weird C3PL syntax. Do these configurations offer any added functionality that cannot be accomplished via ISE?

Appreciate any help regarding this topic.

https://19216811.cam/ https://1921681001.id/

Rob Ingram · ‎01-04-2024

@rubrasulyn using IBNS 2.0 will provide the ability to assign a Critical ACL/SGT in the event ISE is down, Differentiated Authentication (different AAA server per interface), send the source VLAN to ISE during authentication, reduces the configuration bloat under the interfaces. If you do not require those features then IBNS 1.0 will suffice.

View solution in original post

thomas · ‎01-04-2024

Consider watching our ISE Webinar : ▷ 802.1X Simplification & Automation with IBNS 2.0

00:00 Intro and Agenda
00:31 Adoption Barriers: Clients, Network Devices, Solution Complexity
02:16 ISE and Cisco DNAC Integration
03:05 Balancing Tools and Complexity
03:51 DNAC Automation
04:49 Intent-Based Networking and Software-Defines Access (SDA)
06:44 IEEE 802.1X
07:44 MAC Authentication Bypass (MAB)
08:08 Deployment Modes: Monitor, Low-Impact, Closed
08:57 Switch Authentication Templates
11:01 IBNS Evolution
13:22 AAA & IBNS Switch Configurations
14:25 Configuring IBNS 2.0
15:08 Identity Control Policy (Event-Class-Action)
17:38 Critical VLANs and ACLs
18:32 Migrating IBNS 1.0 to 2.0 Configs (New-Style Mode)
20:00 Automation with AutoConf
22:39 Autoconf Interface Templates
25:08 Interface Templates & Low-Impact
28:30 Embedded Event Manager
32:10 IBNS Demo Configuration Review
36:48 switchport `shutdown`
42:10 DNAC Config Review
43:20 ISE Config Review
45:07 DNAC Authentication Template
45:25 DNAC Template Editor
46:02 ISE Profiling Policies
46:42 ISE Authorization Profile
50:05 Resources:

Cisco Automation Series on Cisco BLOGs : https://blogs.cisco.com/tag/dna-center-automation-series
Cisco DevNet Automation Exchange : https://cs.co/DNAC-Templates
GitHub Content : https://tinyurl.com/DNAC-Templates
Lab Content : https://tinyurl.com/DNAC-Templates-Labs
SA Prescriptive Deployment Guide : https://cs.co/ISEPrescriptiveDeploymentGuide

View solution in original post

Rob Ingram · ‎01-04-2024

@rubrasulyn using IBNS 2.0 will provide the ability to assign a Critical ACL/SGT in the event ISE is down, Differentiated Authentication (different AAA server per interface), send the source VLAN to ISE during authentication, reduces the configuration bloat under the interfaces. If you do not require those features then IBNS 1.0 will suffice.

thomas · ‎01-04-2024

Consider watching our ISE Webinar : ▷ 802.1X Simplification & Automation with IBNS 2.0

00:00 Intro and Agenda
00:31 Adoption Barriers: Clients, Network Devices, Solution Complexity
02:16 ISE and Cisco DNAC Integration
03:05 Balancing Tools and Complexity
03:51 DNAC Automation
04:49 Intent-Based Networking and Software-Defines Access (SDA)
06:44 IEEE 802.1X
07:44 MAC Authentication Bypass (MAB)
08:08 Deployment Modes: Monitor, Low-Impact, Closed
08:57 Switch Authentication Templates
11:01 IBNS Evolution
13:22 AAA & IBNS Switch Configurations
14:25 Configuring IBNS 2.0
15:08 Identity Control Policy (Event-Class-Action)
17:38 Critical VLANs and ACLs
18:32 Migrating IBNS 1.0 to 2.0 Configs (New-Style Mode)
20:00 Automation with AutoConf
22:39 Autoconf Interface Templates
25:08 Interface Templates & Low-Impact
28:30 Embedded Event Manager
32:10 IBNS Demo Configuration Review
36:48 switchport `shutdown`
42:10 DNAC Config Review
43:20 ISE Config Review
45:07 DNAC Authentication Template
45:25 DNAC Template Editor
46:02 ISE Profiling Policies
46:42 ISE Authorization Profile
50:05 Resources:

Cisco Automation Series on Cisco BLOGs : https://blogs.cisco.com/tag/dna-center-automation-series
Cisco DevNet Automation Exchange : https://cs.co/DNAC-Templates
GitHub Content : https://tinyurl.com/DNAC-Templates
Lab Content : https://tinyurl.com/DNAC-Templates-Labs
SA Prescriptive Deployment Guide : https://cs.co/ISEPrescriptiveDeploymentGuide

What are the use cases for IBNS 2.0 if I am already using ISE for 802.