Hemant Sharma is a Wireless Development Engineer at Cisco Systems
Cisco Identity Services Engine (ISE) is a next generation product that provides various types of solutions/services in a single box. Example – ACS, NAC, NAC Profiler, NAC Guest Portfolios.
In the first Video you will see:
1. Integration of ISE and WLC. 2. Basic configuration of WLC and ISE.
In the Second video you will see:
1. Posturing of wireless client. 2. Wireless client association. 3. Limitation
Key features of ISE
AAA protocols - it uses RADUIS Protocol for Authentication, Authorization and Accounting. ISE NAC and WLC uses RADUIS protocol to communicate with each other.
Authentication protocols – It supports various types of authentication protocols. PAP, MS-CHAP, EAP-MD5, PEAP, EAP-FAST, EAP-TLS.
Access control – it provides wide range of access control mechanism like - URL Redirect, Vlan Assignment, downloadable access control lists dACLs), and SGA tagging.
Posture – ISE verifies endpoint’s posture assessment via either a NAC-client-Agent or web agent. An admin can configure various kinds of posture conditions like – latest OS patches, Antivirus etc.-
Profiling – Profiling is for identifying and analyzing end-points in the network, end-points can be any device in the network which try to access network like – iPhone, iPad, laptop, printers etc. ISE comes with several pre-defined profiles for end-points. We can also create our own and we can define specific authorization policy to those profile.
Policy model – policy model offers attributes and rule based policies for creating flexible and more specific access control policy.
Guest lifecycle management - this feature is used to create a lobby admin, in ISE terminology, it is called sponsor user who can create login credentials for guest user.
Platform options - ISE available as a physical or virtual appliance. It can also be installed on VMware.
Monitoring, Troubleshooting and Reporting are easy and user friendly.