Cisco ISE 2.0 – Employee Authentication Based on 802.1x (User auth)

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).ISEimage
For more guides about configuring (previous) Cisco ISE, see this page.This is part 2, creating authentication and authorization policies.
Create authentication policy

  1. Navigate to Policy, Authentication
  2. Edit, Wired_802.1X to include Wireless_802.1X, and select “ehlo.lan” domain store.

Read more

Cisco ISE Part 5: Configuring wired network devices

This is a Cisco ISE blog post series with some how-to’s for configuring the ISE deployment, This blog post series exists of 10 parts.
The blogpost Agenda:
Part 1: introduction
Part 2: installation
Part 3: Active Directory
Part 4: High Availability
Part 5: Configuring wired network devices
Part 6: Policy enforcement and MAB
Part 7: Configuring wireless network devices
Part 8: Inline posture and VPN
Part 9: Guest and web authentication
Part 10: Profiling and posture
This week, part 5: Configuring wired network devices
First some terminology and guidelines:
Single host mode / Multi host mode. This defines 1 or multiple hosts on the switchport. Only the first device needs authentication.
Ports are authenticated first before any other traffic can pass.
802.1x is disabled in a SPAN port configuration, trunk ports, dynamic ports, dynamic access ports and etherchannels.
The windows client configuration can be pushed by a GPO. Configuration of this GPO is out of scope for this blog.
First, add the RADIUS clients in the ISE deployment.
Click: Administration – Network Resources – Network Devices and click Add. Enter the requested information:
Radius client1
Radius client2
Read more