Cisco ISE Part 6: Policy enforcement and MAB

This is a Cisco ISE blog post series with some how-to’s for configuring the ISE deployment, This blog post series exists of 10 parts.
The blogpost Agenda:
Part 1: introduction
Part 2: installation
Part 3: Active Directory
Part 4: High Availability
Part 5: Configuring wired network devices
Part 6: Policy enforcement and MAB
Part 7: Configuring wireless network devices
Part 8: Inline posture and VPN
Part 9: Guest and web authentication
Part 10: Profiling and posture
This week, part 6: Policy enforcement and MAB
Policy enforcement in Cisco ISE is based on authentication en authorization.
Some authentication protocols:

  • pap
  • chap
  • ms-chapv1/2
  • eap-md5
  • eap-tls
  • leap
  • peap
  • eap-fast

Authorization can exist of:

  • DACL
  • VLAN
  • webauth
  • smartport
  • MACsec
  • WLC ACL
  • NEAT
  • Filter-ID
  • reauth timer

Authentication policy: defines to protocols ISE is using to communicate with network devices
Policy: set of conditions
Condition: a rule with true of false as response
The result of an authentication policy is the identity method. It can be any one of the following:
Read more