
In this video we will discuss what we are going to learn.
In this video we will configure high availability with a two-node deployment, where one node is primary and the other is secondary, so that all information is synced to the secondary; when the primary is down we can still authenticate devices and users.
Let's install the remaining components of our lab: EVE-NG for our Cisco Catalyst switch and the Windows PC that will be our authenticating device, and also the MikroTik router for routing to the internet.
We will learn and configure MAB authentication, which is also known as MAC address bypass authentication.
In the previous video we learned and implemented MAB. In this video we will configure Dot1x authentication so that we can authenticate users with credentials such as a username and password. We will authenticate users with the ISE internal database and also with Active Directory as our external identity store.
So far we have authenticated devices, but we have no information about the type of endpoint. In this video we will enable the Microsoft Windows 10 profile so that, in the coming videos, ISE can profile such machines once authentication is done.
One of the most common visitors in every organization is the guest. To provide limited or restricted access we can use the guest portal of ISE; in this video we will look specifically at the Hotspot guest portal.
Having implemented the Hotspot portal, the challenge is that we need to provide the access code to each and every guest. Sometimes the code remains the same for all guests, which causes a problem because an outsider or attacker can obtain the access code and breach our network. To overcome this issue we can allow self-registration; this way we know who the person is and what type of machine the user is using.
Another good way to invite guests is to use the sponsor portal. It is used when there are people who will be frequently visiting our organization for a fixed time, such as contractors, consultants or clients. This portal gives us the flexibility to reduce the stress on admins, because sponsor users can create their own user accounts as per their requirements.
Cisco ISE is famous for BYOD. In this video we will implement BYOD and authenticate users with the ISE internal database.
This video is a continuation of the previous one. We will authenticate users with a different identity store, such as Active Directory, and also look at the self-registration BYOD option for guests.
Cisco Identity Services Engine (ISE)
Know and control devices and users on your network
Leverage intel from across your stack to enforce policy, manage endpoints, and deliver trusted access. Multicloud NAC with zero trust makes it possible.
In zero-trust architecture, ISE is the policy decision point. It gathers intel from the stack to authenticate users and endpoints, automatically containing threats.
Harness the power of resilience
Resilience begins with secure connections. ISE helps ensure that only trusted users and their devices can access resources across your self-managed network.
Visibility better than 20/20
Knowing who's connecting to your network, what devices they're on, and what connection they're using is key. ISE uses key intel to automatically identify, classify, and profile devices.
Think outside the box
Switching from infrastructure in a box to infrastructure as code (IaC) helps preserve business integrity, while aligning access and policy to your strategy and objectives.
Make a stand
Verify your device posture with ISE 3.x and see how easily it complies with your security policy. ISE works to protect your network, data, and resources from hostile attacks.
Flexibility and choice power security resilience for zero-trust architectures
What if IT and security operations could respond to change and reduce risk with seamless access to network resources from anywhere, to everywhere, and on anything? And, what if controlling and managing access to the workplace was radically simplified and modernized to build security resilience into the network?
© 2022 Cisco and/or its affiliates. All rights reserved.