cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3865
Views
5
Helpful
0
Comments
Jason Kunst
Cisco Employee
Cisco Employee

In dCloud we have the ISE Sandbox. It is provided as a quick opportunity on the new OS with minimal support. It comes with no documentation. The following document can be used with the ISE Sandbox as a basic flow and validation of ISE with a wireless controller.

All our demos are available under http://cs.co/selling-ise-demos

Like most other ISE dcloud demos it includes no provided virtual clients. You have to bring your own AP/Endpoint Router kit and wireless clients. Please see other demos and their respective guides about connecting your own.

 

For more information on getting started with your AP or demo check out the documents listed here

Basic testing completed with the following steps

Configured minimal settings for basic dot1x and tested connectivity. If you’d like to continue please reference existing how to guides:

ISE Guest Access Prescriptive Deployment Guide

Cisco ISE BYOD Prescriptive Deployment Guide

 

Configure ISE

Connect to the ISE UI

  1. Access WKST1 of your dCloud demo using the WebRDP of your session.
  2. Launch firefox and using the bookmark for ISE.
  3. Login to ISE (credentials are cached as admin/C1sco12345)

Update profiler and posture feeds

The ISE Sandbox doesn’t have automation to update the Profiler & Posture feed services that include information (such as OS version and MAC OUI) needed to perform these services. We will work this into further release automation. This would cause problems with new versions of Apple Devices for example just recently apple came out with the iPadOS. Or when Apple comes out with new hardware OUI (MAC vendor listing needs to be updated). 

 

The following steps will help you update the feeds. These take about 15 min each but they can be done in parallel.

Update profiler feed

  1. Navigate to Work Centers > Profiler > Feeds
  2. Click Test Feed Server Connection and after success, Click Update Now

 

Note: You can move to posture feed update and then validate after 15 min or so that the feed is updated. 

 

profilerfeedupdate-done.png

Update posture feed

  1. Navigate to Administration > System > Settings > Posture > Updates
  2. Click Update Now

Note: This may take 15 min or so. You can wait until this is done then go back to Profiler feed status check.

 

posturefeed.png

 

Add Active Directory Join Point AD1

  1. Navigate to Administration > Identity Management > External Identity Sources  > Active Directory
  2. Added join point name AD1 with domain dcloud.cisco.com
  3. Joined domain administrator/C1sco12345
  4. Click Submit

Added WLC to ISE

  1. Navigate to Administration > Network Resources > Network Devices
  2. Add network device with following info:
    • Name: WLC1
    • IP: 198.19.11.10
    • RADIUS Authentication Settings Enabled  with Shared Secret C1sco12345
  3. Click Submit

 

Configure WLC

Open WLC UI

  1. Using Firefox open bookmark for WLC and login with cached credentials (otherwise use your session username and password from dCloud details page)

Configure AAA servers

Note: There is already a server, leave that, its for setting up automation credentials for usage to GUI Login (dcloud user/pass)

  1. Click Advanced
  2. Go to Security > AAA > RADIUS > Authentication, click to create New entry
  3. Add in ISE with the following and applying it
    • Server IP Address: 198.18.133.27
    • Shared secret C1sco12345
  4. Click Apply
  5. Create accounting server with same as above

 

Create Wireless network

  1. Click WLANs 
  2. Create new WLAN with the following info:
  3. WLAN create new GO
    • Profile Name: dcloud-internal
    • SSID  dcloud-internal-xxxx (something unique so you don’t collide with others using dcloud ISE demos)
    • Click Apply
  4. Under general tab
    • set status to enabled
    • choose Interface > guest
  5. Click Security > AAA servers and choose 198.18.133.27 for both
  6. Advanced Tab > uncheck flexconnect local switching (scroll down halfway)
  7. Click Apply
  8. In the upper right click Save configuration

 

That’s all you need to do a basic setup test!

 

Test a client

  1. On your device connect to dcloud-internal-xxx
  2. Enter credentials as employee/C1sco12345
  3. Connected! Browse to internet. Success!
  4. On ISE navigate to Operations > Radius Livelog and look at your entries

 

That’s all included with our basic connectivity test!

 

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: