test aaa group radius user it1 cisco new-code
ISE Policies: Authentication, Authorization, Profiling, Posture, Client Provisioning, SGA
Policy Elements: Dictionaries, Conditions, Results
If Condition Then Result
Dictionary is a predefined set of conditions <-> result
Authentication Policy
Types
Components:
External authentication:
ISE PSNs need to be joined to the Active Directory, so it will relay on DNS and local Domain Controllers depending on the Site configuration.
Top-Down list of rules.
Default rule allows all access.
Downloadable ACLs
Security Group Access – Security Group Tagging
Cisco Proprietary
Tags are added after the 802.1Q information in the Ethernet frame.
Network Access Device will tag the L2 packets from the endpoint based on the ISE authorization policy. The tags will be used in Security Group ACLs around the network to allow or block access to the resources.
SXP – Secure Exchange Protocol (TCP). It’s used when middle devices don’t support SGT. A tunnel is created between SGT supported devices bypassing the non supported device.
Cisco TrustSec switch configuration:
radius server ISE-PAC
endpoint security eset endpoint security cloudTAGS
CATEGORIES