Cisco ISE: Introduction, Requirements, Installation. Part 1

1. Introduction

, , ( ). , RADIUS, TACACS+ DIAMETER. , : BYOD , , .

NAC (Network Access Control) - . , Cisco ISE (Identity Services Engine) - NAC , , , .

, Cisco ISE :

  • WLAN;

  • BYOD (, , );

  • SGT ( TrustSec);

  • (posturing);

  • ;

  • ;

  • logon/logoff , (identity) NGFW user-based ;

  • Cisco StealthWatch , ();

  • .

Cisco ISE , : Cisco ISE, Cisco ISE.

2.

Identity Services Engine 4 (): (Policy Administration Node), (Policy Service Node), (Monitoring Node) PxGrid (PxGrid Node). Cisco ISE (standalone) (distributed) . Standalone (Secure Network Servers - SNS), Distributed - .

Policy Administration Node (PAN) - , Cisco ISE. , . ( ) PAN - Active/Standby .

Policy Service Node (PSN) - , , , , . PSN . , PSN , , . , , .

Monitoring Node (MnT) - , , . MnT , , . Cisco ISE MnT , - Active/Standby . , , , .

PxGrid Node (PXG) - , PxGrid , PxGrid.

PxGrid  - , - - : , , . Cisco PxGrid API, TrustSec (SGT ), ANC (Adaptive Network Control) , - , , .

PxGrid PAN. , PAN , PxGrid , . 

Cisco ISE .

Figure 1. Cisco ISE Architecture

3.

Cisco ISE , . 

Cisco ISE SNS (Secure Network Server). : SNS-3615, SNS-3655 SNS-3695 , . 1 SNS.

1. SNS

| | SNS 3615 (Small) | SNS 3655 (Medium) | SNS 3695 (Large) |
|---|---|---|---|
| Standalone | 10000 | 25000 | 50000 |
| PSN | 10000 | 25000 | 100000 |
| CPU (Intel Xeon 2.10 ) | 8 | 12 | 12 |
| RAM | 32 (2 x 16 ) | 96 (6 x 16 ) | 256 (16 x 16 ) |
| HDD | 1 600 | 4 600 | 8 600 |
| Hardware RAID | | RAID 10, RAID | RAID 10, RAID |
| | 2 10Gbase-T, 4 1Gbase-T | 2 10Gbase-T, 4 1Gbase-T | 2 10Gbase-T, 4 1Gbase-T |

, VMware ESXi ( VMware 11 ESXi 6.0), Microsoft Hyper-V Linux KVM (RHEL 7.0). , , . , : 2 CPU 2.0 , 16 RAM 200 HDD. 

Cisco ISE No. 1, No. 2.

4.

Cisco, ISE :

  • dcloud – ( Cisco);

  • GVE request – Cisco ( ). : Product type [ISE], ISE Software [ise-2.7.0.356.SPA.x86_64], ISE Patch [ise-patchbundle-2.7.0.356-Patch2-20071516.SPA.x86_64];

  • - .

1) , ISO , OVA , , ISE . "setup"!

: ISE OVA , admin / MyIseYPass2 ( ).

Figure 2. Installing Cisco ISE

2) , IP-, DNS, NTP .

Figure 3. Initializing Cisco ISE

3) , - IP-.

Figure 4. Cisco ISE Web Interface

4) Administration > System > Deployment , () . PxGrid .

Figure 5. Cisco ISE Entity Management

5) Administration > System > Admin Access > Authentication , ( ), .

Figure 6. Configuring the authentication type
Figure 7. Password Policy Settings
Figure 8. Configuring account shutdown after time expires
Figure 9. Configuring account lockout

6) Administration > System > Admin Access > Administrators > Admin Users > Add .

Figure 10. Creating a Local Cisco ISE Administrator

7) . Admin Groups. 2 ISE, .

2. Cisco ISE, ,

Customization Admin

, ,

,

Helpdesk Admin

, ,

, ,

Identity Admin

, , ,

,

MnT Admin

, , ,

Network Device Admin

, ISE, , ,

,

Policy Admin

, , ,

, ISE

RBAC Admin

Operations, ANC ,

  ANC ,

Super Admin

, ,

, Super Admin

System Admin

Operations, , ANC,

  ANC ,

External RESTful Services (ERS) Admin

REST API Cisco ISE

, , (SG)

External RESTful Services (ERS) Operator

REST API Cisco ISE

, , (SG)

Figure 11. Preset Cisco ISE Administrator Groups

8) Authorization > Permissions > RBAC Policy .

Figure 12. Privilege Management of Preset Cisco ISE Administrator Profiles

9) Administration > System > Settings (DNS, NTP, SMTP ). , .

5.

. NAC Cisco ISE, , , .

, Microsoft Active Directory, .

, .
