Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISE Deployment

Hello,

I want to make sure I have everything I need for the deployment of Cisco ISE. The reason for deployment is to stop people plugging in their infected devices. 

 

Current network has:

  • Microsoft 2003 Active Directory Server/DHCP and DNS
  • Cisco 3750X and 2960S switches
  • Cisco ASA5512-X Firewalls
  • Windows 7/8 and Mac OS X devices on wireless and wired
  • Extricom Wireless controller and Extricom Aps

For ISE Deployment I have the following:

 

Cisco Secure Network Server 3415:

SNS-3415-K9 and SMARTnet CON-SNT-SNS-3415

Licence for 250 Users:

L-ISE-W-S-250=

 

 

Please advise if I need anything else?

Everyone's tags (2)
5 REPLIES
Silver

well you have covered the

well you have covered the basic requirement but you have not mentioned the level of security you want to achieve by this deployment the only issue i can see is that will be the compatibility of Extricom Wireless controller and Extricom Aps .Do do share if you want simple AD authentication or you have any other thing planned.Also check the SKU you mentioned.

New Member

Just want to force users to

Just want to force users to authenticate their devices before allowing access on the network. Do I need Cisco Prime or it's not required?

Silver

No Prime is not essential.

No Prime is not essential.

We need to make sure which

We need to make sure which route you plan to use to insure that the device is connected. You can use eap-tls to insure that the certificate used to authenticate the device. If you do not want to support a CA then i suggest looking at the eap-chaining feature on the Cisco anyconnect NAM, it forces machine and user authentication so you can be certain that only domain assets are connected to your wired or wireless network.

Tarik Admani *Please rate helpful posts*
Cisco Employee

make sure you haveCatalyst

make sure you have

Catalyst 2960-S Recommended OS Version IOS v 12.2(55)-SE3
Catalyst 3750-X Recommended OS Version IOS v 15.0.2-SE2 (ED) IP BASE

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html

165
Views
0
Helpful
5
Replies
CreatePlease to create content