user – InfraWorld

Cisco ISE 2.0 – Employee Authentication Based on 802.1x (User auth)

May 24, 2016 Rob Rademakers Leave a comment

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).
For more guides about configuring (previous) Cisco ISE, see this page.This is part 2, creating authentication and authorization policies.
Create authentication policy

Navigate to Policy, Authentication
Edit, Wired_802.1X to include Wireless_802.1X, and select “ehlo.lan” domain store.

ISE
Security

Cisco ISE 2.0 Active Directory & Radius

April 28, 2016 Rob Rademakers Leave a comment

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).
ISEimage For more guides about configuring (previous) Cisco ISE, see this page.This is part 1, the prerequisites before you can start configuring any authentication method.
Add ISE to Active Directory domain
Login into ISE and add ISE to the Active Directory domain by following these steps:
Read more

ISE
Security

Cisco WSA Policies

November 11, 2014 Rob Rademakers Leave a comment

In this and other posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda:
Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware
This is the 4th part of the series.
Creating policies is one the major (en most fun) part of the WSA. In this blog I’ll cover the configuration of access policies and identities.
Click Web Security Manager > Access Policies

Only one policy can be applied. This is based on first match (top-down). If no policy matches, the Global Policy will be used.
First, you have to create a identity. An identity doesn’t identify a user, but it identifies a client or transaction that may require authentication. Identity membership is determined before authentication is done. Policy group membership is determined after authentication is performed.
Click Web Security Manager > Identities > add identity and create the identity, based on IP’s ip ranges or IP subnets. Possible identities are:

Kiosk users
Update agents
Company users

How to: Cisco WLC Tacacs/radius for management

April 23, 2013 Rob Rademakers Leave a comment

It took some time this morning for configuring a RADIUS or TACACS server for management access to a Cisco WLC. So, let’s write a short how-to:

Login into the WLC and click Security – AAA – TACACS+ (or Radius) – Authentication
Click New and enter:
- Server IP Address – IP address of the TACACS server
- Shared secret – The configured shared secret on the TACACS server
If you’re using TACACS, click Authorization and enter the same Server IP address and Shared Secret. Configuring accounting is optional
Click Security – Priority order – Management user and make sure TACACS (or radius) is in top of the list

Wireless