Cisco ISE: Introduction, Requirements, Installation. Part 1

1. Introduction

, , ( ). , RADIUS, TACACS+ DIAMETER. , : BYOD , , .

NAC (Network Access Control) - . , Cisco ISE (Identity Services Engine) - NAC , , , .

, Cisco ISE :

  • WLAN;

  • BYOD (, , );

  • SGT ( TrustSec);

  • (posturing);

  • ;

  • ;

  • logon/logoff , (identity) NGFW user-based ;

  • Cisco StealthWatch , ();

  • .

Cisco ISE , : Cisco ISE, Cisco ISE.

2.

Identity Services Engine 4 (): (Policy Administration Node), (Policy Service Node), (Monitoring Node) PxGrid (PxGrid Node). Cisco ISE (standalone) (distributed) . Standalone (Secure Network Servers - SNS), Distributed - .

Policy Administration Node (PAN) - , Cisco ISE. , . ( ) PAN - Active/Standby .

Policy Service Node (PSN) - , , , , . PSN . , PSN , , . , , .

Monitoring Node (MnT) - , , . MnT , , . Cisco ISE MnT , - Active/Standby . , , , .

PxGrid Node (PXG) - , PxGrid , PxGrid.

PxGrid  - , - - : , , . Cisco PxGrid API, TrustSec (SGT ), ANC (Adaptive Network Control) , - , , .

PxGrid PAN. , PAN , PxGrid , . 

Cisco ISE .

Figure 1. Cisco ISE architecture

3.

Cisco ISE , . 

Cisco ISE SNS (Secure Network Server). : SNS-3615, SNS-3655 SNS-3695 , . 1 SNS.

1. SNS

| | SNS 3615 (Small) | SNS 3655 (Medium) | SNS 3695 (Large) |
|---|---|---|---|
| Standalone | 10000 | 25000 | 50000 |
| PSN | 10000 | 25000 | 100000 |
| CPU (Intel Xeon 2.10 ) | 8 | 12 | 12 |
| RAM | 32 (2 x 16 ) | 96 (6 x 16 ) | 256 (16 x 16 ) |
| HDD | 1 600 | 4 600 | 8 600 |
| Hardware RAID | | RAID 10, RAID | RAID 10, RAID |
| | 2 10Gbase-T, 4 1Gbase-T | 2 10Gbase-T, 4 1Gbase-T | 2 10Gbase-T, 4 1Gbase-T |

, VMware ESXi ( VMware 11 ESXi 6.0), Microsoft Hyper-V Linux KVM (RHEL 7.0). , , . , : 2 CPU 2.0 , 16 RAM 200 HDD. 

Cisco ISE №1, №2.

4.

Cisco, ISE :

  • dcloud – ( Cisco);

  • GVE request – Cisco ( ). : Product type [ISE], ISE Software [ise-2.7.0.356.SPA.x86_64], ISE Patch [ise-patchbundle-2.7.0.356-Patch2-20071516.SPA.x86_64];

  • - .

1) , ISO , OVA , , ISE . "setup"!

: ISE OVA , admin / MyIseYPass2 ( ).

Figure 2. Cisco ISE installation

2) , IP-, DNS, NTP .

Figure 3. Cisco ISE initialization

3) , - IP-.

Figure 4. Cisco ISE web interface

4) Administration > System > Deployment , () . PxGrid .

Figure 5. Managing Cisco ISE entities

5) Administration > System > Admin Access > Authentication , ( ), .

Figure 6. Authentication type configuration
Figure 7. Password policy settings
Figure 8. Configuring account disablement after the timeout expires
Figure 9. Account lockout configuration

6) Administration > System > Admin Access > Administrators > Admin Users > Add .

Figure 10. Creating a local Cisco ISE administrator

7) . Admin Groups. 2 ISE, .

2. Cisco ISE, ,

Customization Admin

, ,

,

Helpdesk Admin

, ,

, ,

Identity Admin

, , ,

,

MnT Admin

, , ,

Network Device Admin

, ISE, , ,

,

Policy Admin

, , ,

, ISE

RBAC Admin

Operations, ANC ,

  ANC ,

Super Admin

, ,

, Super Admin

System Admin

Operations, , ANC,

  ANC ,

External RESTful Services (ERS) Admin

REST API Cisco ISE

, , (SG)

External RESTful Services (ERS) Operator

REST API Cisco ISE

, , (SG)

Figure 11. Predefined Cisco ISE administrator groups

8) Authorization > Permissions > RBAC Policy .

Figure 12. Managing privileges of predefined Cisco ISE administrator profiles

9) Administration > System > Settings (DNS, NTP, SMTP ). , .

5.

. NAC Cisco ISE, , , .

, Microsoft Active Directory, .

, .
