Cisco ISE Part 6: Policy enforcement and MAB
This is a Cisco ISE blog post series with some how-tos for configuring an ISE deployment. The series consists of 10 parts.
The blog post agenda:
Part 1: introduction
Part 2: installation
Part 3: Active Directory
Part 4: High Availability
Part 5: Configuring wired network devices
Part 6: Policy enforcement and MAB
Part 7: Configuring wireless network devices
Part 8: Inline posture and VPN
Part 9: Guest and web authentication
Part 10: Profiling and posture
This week, part 6: Policy enforcement and MAB
Policy enforcement in Cisco ISE is based on authentication and authorization.
Some authentication protocols:
- PAP
- CHAP
- MS-CHAPv1/2
- EAP-MD5
- EAP-TLS
- LEAP
- PEAP
- EAP-FAST
Authorization can consist of:
- DACL
- VLAN
- webauth
- smartport
- MACsec
- WLC ACL
- NEAT
- Filter-ID
- reauth timer
Authentication policy: defines the protocols ISE uses to communicate with network devices
Policy: a set of conditions
Condition: a rule with true or false as response
The result of an authentication policy is the identity method. It can be any one of the following: