
Advanced Services Implementing Cisco Identity Services Engine Secure Solutions (ISE)
Volume 1
Version 1.0

Student Guide
Text Part Number: 97-3099-02

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN
CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF
THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR
PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Student Guide

2012 Cisco and/or its affiliates. All rights reserved.

Students, this letter describes important course evaluation access information!

Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program,
Cisco Systems is committed to bringing you the highest-quality training in the industry.
Cisco learning products are designed to advance your professional goals and give you
the expertise you need to build and maintain strategic networks.
Cisco relies on customer feedback to guide business decisions; therefore, your valuable
input will help shape future Cisco course curricula, products, and training offerings.
We would appreciate a few minutes of your time to complete a brief Cisco online
course evaluation of your instructor and the course materials in this student kit. On the
final day of class, your instructor will provide you with a URL directing you to a short
post-course evaluation. If there is no Internet access in the classroom, please complete
the evaluation within the next 48 hours or as soon as you can access the web.
On behalf of Cisco, thank you for choosing Cisco Learning Partners for your
Internet technology training.
Sincerely,
Cisco Systems Learning

Table of Contents
Volume 1
Introduction to the Cisco TrustSec 2.0 Solution and
Cisco ISE Platform Architecture.................................................................................... 1-1
Overview ............................................................................................................................................ 1-1
Module Objectives ....................................................................................................................... 1-1

Introducing the Cisco TrustSec 2.0 Solution and ISE Platform Architecture .................. 1-3
Overview ............................................................................................................................................ 1-3
Lesson Objectives ....................................................................................................................... 1-3
Introducing the Cisco Borderless Network Architecture .................................................................... 1-4
Cisco TrustSec Solution .............................................................................................................. 1-6
Introducing the Cisco ISE................................................................................................................. 1-18
Cisco ISE Software Architecture ...................................................................................................... 1-24
External Identity Source ............................................................................................................ 1-30
Administration Node .................................................................................................................. 1-33
Policy Service Node .................................................................................................................. 1-37
Monitoring Node ........................................................................................................................ 1-39
Network Access Device ............................................................................................................. 1-43
Cisco ISE Software Licensing .......................................................................................................... 1-50
Summary .......................................................................................................................................... 1-55

Cisco Identity Services Engine Deployment ................................................................ 2-1


Overview ............................................................................................................................................ 2-1
Module Objectives ....................................................................................................................... 2-1

Installing the Cisco ISE Software ....................................................................................... 2-3


Overview ............................................................................................................................................ 2-3
Lesson Objectives ....................................................................................................................... 2-3
Introducing the Cisco ISE Software GUI ............................................................................................ 2-4
Installing the Cisco ISE Software on a Server ................................................................................. 2-13
Installing the Cisco ISE Software on an ISE Appliance ................................................................... 2-14
Installing the Cisco ISE Software on a Virtual Machine ................................................................... 2-21
Disk Allocation ........................................................................................................................... 2-23
Configuring Post-Install Tasks ......................................................................................................... 2-24
Installing a Valid License ........................................................................................................... 2-25
Network Device Configuration ......................................................................................................... 2-31
Admin User Configuration ................................................................................................................ 2-39
Certificate Configuration................................................................................................................... 2-44
Obtaining a Certificate from the CA ........................................................................................... 2-46
Creating a CSR.......................................................................................................................... 2-48
Binding a Certificate to a CSR ................................................................................................... 2-51
Configuring NTP for the Cisco ISE .................................................................................................. 2-53
Summary .......................................................................................................................................... 2-54

Integrating Cisco ISE into Microsoft Active Directory..................................................... 2-55


Overview .......................................................................................................................................... 2-55
Lesson Objectives ..................................................................................................................... 2-55
Introducing Microsoft Active Directory ............................................................................................. 2-56
Configuring Cisco ISE for Active Directory Integration .................................................................... 2-59
Connecting to the Active Directory Domain ............................................................................... 2-62
Configuring Active Directory Groups ......................................................................................... 2-65
Leaving the Active Directory Domain ........................................................................................ 2-67
Verifying Proper Cisco ISE Operation with Active Directory ............................................................ 2-69
Enabling Active Directory Debug Logs ...................................................................................... 2-70
Summary .......................................................................................................................................... 2-72

Configuring Cisco ISE for Distributed Deployment......................................................... 2-73


Overview .......................................................................................................................................... 2-73
Lesson Objectives ..................................................................................................................... 2-73
Supported High-Availability Deployment Options ............................................................................ 2-74
Configuring High Availability ............................................................................................................ 2-82
Summary .......................................................................................................................................... 2-94

Classification and Policy Enforcement ........................................................................ 3-1


Overview ............................................................................................................................................ 3-1
Module Objectives ....................................................................................................................... 3-1

Using Cisco ISE for Policy Enforcement ............................................................................ 3-3


Overview ............................................................................................................................................ 3-3
Lesson Objectives ....................................................................................................................... 3-3
What Is Policy Enforcement on Cisco ISE? ....................................................................................... 3-4
Authentication Policies ................................................................................................................ 3-5
Authentication Type, Protocols, and Databases ......................................................................... 3-8
Simple Authentication Policies .................................................................................................. 3-10
Rule-Based Authentication Policies .......................................................................................... 3-12
Allowed Protocols Service ......................................................................................................... 3-14
Authorization Profile .................................................................................................................. 3-17
Authorization Policy ................................................................................................................... 3-20
Configuring Cisco ISE for Policy Enforcement ................................................................................ 3-22
Network Infrastructure ............................................................................................................... 3-23
Allowed Protocols Service ......................................................................................................... 3-25
Simple Authentication ................................................................................................................ 3-27
Rule-Based Authentication ........................................................................................................ 3-29
Simple Conditions...................................................................................................................... 3-31
Compound Conditions ............................................................................................................... 3-32
Verifying Policy Enforcement for Cisco ISE ..................................................................................... 3-37
Summary .......................................................................................................................................... 3-40

Configuring Cisco ISE for MAB ........................................................................................ 3-41


Overview .......................................................................................................................................... 3-41
Lesson Objectives ..................................................................................................................... 3-41
What Is MAC Authentication Bypass? ............................................................................................. 3-42
MAB Functional Operation ........................................................................................................ 3-46
MAB Design Considerations ..................................................................................................... 3-50
Network Infrastructure Configuration for MAB ................................................................................. 3-53
AAA Configuration ..................................................................................................................... 3-54
Port Configuration...................................................................................................................... 3-58
Cisco ISE Configuration for MAB ..................................................................................................... 3-61
Cisco ISE Configuration for Whitelists ............................................................................................. 3-65
MAB Operation Verification on Cisco ISE ........................................................................................ 3-72
Summary .......................................................................................................................................... 3-78

Configuring Cisco ISE for Wired and Wireless 802.1X Authentication .......................... 3-79
Overview .......................................................................................................................................... 3-79
Lesson Objectives ..................................................................................................................... 3-79
Reviewing 802.1X Authentication .................................................................................................... 3-80
Authentication Initiation and Message Exchange ..................................................................... 3-82
Ports in Authorized and Unauthorized States ........................................................................... 3-83
IEEE 802.1X Host Mode ........................................................................................................... 3-85
Using IEEE 802.1X with Voice VLAN Ports .............................................................................. 3-86
Using IEEE 802.1X with Per-User ACLs ................................................................................... 3-87
802.1X Configuration Guidelines ............................................................................................... 3-89
Configuring a Windows Client for 802.1X Authentication ................................................................ 3-91
Configuring Cisco ISE for Wired 802.1X Authentication .................................................................. 3-96
Customizing the Password Policy ............................................................................................. 3-97
Creating Users and Groups ....................................................................................................... 3-99
Configuring the Identity Source Sequence .............................................................................. 3-101
ii

Advanced Services Implementing Cisco Identity Services Engine Secure Solutions (ISE) v1.0

2012 Cisco Systems, Inc.

Updating the 802.1X Authentication Rule ............................................................................... 3-102


Customizing Authorization Policies ......................................................................................... 3-103
Configuring Machine Access Restrictions ............................................................................... 3-106
Configuring Cisco ISE for Wireless 802.1X Authentication ........................................................... 3-107
Configuring the Cisco ISE for Wireless 802.1X Authentication ............................................... 3-108
Reviewing the WLC Configuration........................................................................................... 3-110
Verifying 802.1X Operation ............................................................................................................ 3-125
Wireless 802.1X Verification.................................................................................................... 3-126
Summary ........................................................................................................................................ 3-128

Deploying VPN-Based Services Using the Cisco ASA and Inline Posture .................. 3-129
Overview ........................................................................................................................................ 3-129
Lesson Objectives ................................................................................................................... 3-129
Introducing Inline Posture .............................................................................................................. 3-130
Trusted and Untrusted Interfaces ............................................................................................ 3-132
Choosing an Inline Posture Operating Mode .......................................................................... 3-133
Inline Posture Router Mode ..................................................................................................... 3-134
Inline Posture Bridged Mode ................................................................................................... 3-135
Choosing Standalone Mode or High Availability ..................................................................... 3-136
Inline Posture High Availability in Router Mode ...................................................................... 3-140
Inline Posture High Availability in Bridged Mode ..................................................................... 3-141
Configuring Inline Posture for Router Mode................................................................................... 3-142
Configuring Inline Posture for High Availability .............................................................................. 3-151
Configuring Inline Posture for Authorization Profiles and Policies ................................................. 3-154
Verifying Inline Posture Operation ................................................................................................. 3-166
Summary ........................................................................................................................................ 3-171

Configuring Web Authentication Using Cisco ISE ........................................................ 3-173


Overview ........................................................................................................................................ 3-173
Lesson Objectives ................................................................................................................... 3-173
What Is Web Authentication? ......................................................................................................... 3-174
Web Authentication Configuration Using Cisco ISE ...................................................................... 3-177
Configure the Web Authentication Portal ................................................................................ 3-179
Enable Web Authorization ....................................................................................................... 3-181
Web Authentication Verification ..................................................................................................... 3-184
Summary ........................................................................................................................................ 3-189


Advanced Services Implementing Cisco Identity Services Engine Secure Solutions (ISE)
Volume 2
Version 1.0

Student Guide
Text Part Number: 97-3100-02


Table of Contents
Volume 2
Guest, Profiler, and Posture Service Configuration .................................................... 4-1
Overview ............................................................................................................................................ 4-1
Module Objectives ....................................................................................................................... 4-1

Introducing the Cisco ISE Guest Service ........................................................................... 4-3


Overview ............................................................................................................................................ 4-3
Lesson Objectives ....................................................................................................................... 4-3
What Is the Cisco ISE Guest Service? .............................................................................................. 4-4
Functional Description ................................................................................................................. 4-5
Cisco ISE Guest Service Components ........................................................................................ 4-6
Cisco ISE Guest Service Applications ......................................................................................... 4-7
Cisco ISE Admin Portal ............................................................................................................... 4-8
Cisco ISE Sponsor Portal ............................................................................................................ 4-9
Cisco ISE Guest User Portal ..................................................................................................... 4-10
Guest High Availability and Replication ..................................................................................... 4-11
Defining Sponsor Access Policies ................................................................................................... 4-13
Configuring System Settings ..................................................................................................... 4-14
Configuring Sponsor Groups ..................................................................................................... 4-17
Configuring Identity Source Sequences .................................................................................... 4-23
Configuring Authentication Sources .......................................................................................... 4-27
Configuring a New Sponsor User .............................................................................................. 4-29
Configuring Sponsor Group Policies ......................................................................................... 4-31
Configuring Guest Settings .............................................................................................................. 4-36
Configuring the Details Policy.................................................................................................... 4-37
Configuring the Guest Portal Policy........................................................................................... 4-38
Configuring the Guest Username Policy ................................................................................... 4-40
Configuring the Guest Password Policy .................................................................................... 4-42
Configuring a Guest User in the Sponsor Portal ....................................................................... 4-43
Summary .......................................................................................................................................... 4-46

Introducing the Cisco ISE Profiler Service....................................................................... 4-47


Overview .......................................................................................................................................... 4-47
Lesson Objectives ..................................................................................................................... 4-47
What Is the Cisco ISE Profiler Service? ........................................................................................... 4-48
Endpoint Profiling....................................................................................................................... 4-51
Licensing and Deployment ........................................................................................................ 4-53
Configuring Profiling on Cisco ISE ................................................................................................... 4-55
Configuring Change of Authorization......................................................................................... 4-57
Configuring Probes .................................................................................................................... 4-59
Configuring Endpoint Profiling Policies ..................................................................................... 4-62
Verifying Profiling on Cisco ISE Platform ......................................................................................... 4-68
Summary .......................................................................................................................................... 4-72

Introducing the Cisco ISE Posture Service ...................................................................... 4-73


Overview .......................................................................................................................................... 4-73
Lesson Objectives ..................................................................................................................... 4-73
What Is the Cisco ISE Posture Service? .......................................................................................... 4-74
Client Provisioning Overview ..................................................................................................... 4-80
Available NAC Agents ............................................................................................................... 4-82
Posture Service Components .................................................................................................... 4-85
Posture and Client Provisioning Flow ........................................................................................ 4-87
Configuring Cisco ISE for Client Provisioning .................................................................................. 4-89
Configuring an Authorization Policy for Client Provisioning and Posture Compliance .................... 4-99
Configuring the Posture Subscription and Policy ........................................................................... 4-105
Configuring Dynamic Updates ................................................................................................. 4-109
Configuring an AUP ................................................................................................................. 4-112
Creating a Simple Condition .................................................................................................... 4-115

Creating a Remediation Action ................................................................................................ 4-116


Creating an Antivirus Policy .................................................................................................... 4-117
Configuring a Client Posture Policy ......................................................................................... 4-119
Verifying the Posture Service......................................................................................................... 4-123
Summary ........................................................................................................................................ 4-126

Cisco TrustSec 2.0 Architecture Design for the ISE Appliance ................................. 5-1
Overview ............................................................................................................................................ 5-1
Module Objectives ....................................................................................................................... 5-1

Designing the Cisco TrustSec 2.0 Solution Architecture for the ISE Appliance ............. 5-3
Overview ............................................................................................................................................ 5-3
Lesson Objectives ....................................................................................................................... 5-3
High-Level Design Guidance ............................................................................................................. 5-4
Cisco ISE Packaging and Licensing.......................................................................................... 5-14
Creating the Bill of Materials ..................................................................................................... 5-25
HLD Case Studies: Small and Midsized Corporations .................................................................... 5-27
HLD Case Study: Small Corporations ....................................................................................... 5-27
HLD Case Study: Midsized Corporations .................................................................................. 5-31
Customer Overview ................................................................................................................... 5-35

Selecting Cisco TrustSec 2.0 Infrastructure Hardware and the ISE Appliance ........ A-1
Overview ............................................................................................................................................ A-1
Lesson Objectives ....................................................................................................................... A-1
Introducing Cisco TrustSec 2.0 Switching Infrastructure Hardware .................................................. A-2
Catalyst 2000 Series Switches .................................................................................................... A-3
Catalyst 3000 Series Switches .................................................................................................. A-12
Catalyst 4000 Series Switches .................................................................................................. A-18
Catalyst 6500 Switches ............................................................................................................. A-26
Cisco Nexus Switches ............................................................................................................... A-33
Introducing Cisco TrustSec 2.0 WLC Hardware .............................................................................. A-42
Wireless LAN Controller 2100 Series ........................................................................................ A-43
Wireless LAN Controller 4400 Series ........................................................................................ A-45
Wireless LAN Controller 5500 Series ........................................................................................ A-48
Catalyst 3750 Integrated Wireless LAN Controller .................................................................... A-50
Wireless Service Module ........................................................................................................... A-53
WLC Module .............................................................................................................................. A-55
Introducing Cisco TrustSec 2.0 ISE Hardware ................................................................................ A-57
Product Overview ...................................................................................................................... A-58
Features and Benefits ............................................................................................................... A-58
Summary .......................................................................................................................................... A-60

Introducing Cisco TrustSec Fundamentals ....................................................................... B-1


Overview ............................................................................................................................................ B-1
Lesson Objectives ....................................................................................................................... B-1
Key Cisco TrustSec Functions ........................................................................................................... B-2
Security Group Access Solution Overview ........................................................................................ B-6
Summary .......................................................................................................................................... B-28

