Cisco ISE: Introduction, Requirements, Installation. Part 1

1. Introduction

, , ( ). , RADIUS, TACACS+ DIAMETER. , : BYOD , , .

NAC (Network Access Control) - . , Cisco ISE (Identity Services Engine) - NAC , , , .

, Cisco ISE :

  • WLAN;

  • BYOD (, , );

  • SGT ( TrustSec);

  • (posturing);

  • ;

  • ;

  • logon/logoff , (identity) NGFW user-based ;

  • Cisco StealthWatch , ();

  • .

Cisco ISE , : Cisco ISE, Cisco ISE.

2.

Identity Services Engine 4 (): (Policy Administration Node), (Policy Service Node), (Monitoring Node) PxGrid (PxGrid Node). Cisco ISE (standalone) (distributed) . Standalone (Secure Network Servers - SNS), Distributed - .

Policy Administration Node (PAN) - , Cisco ISE. , . ( ) PAN - Active/Standby .

Policy Service Node (PSN) - , , , , . PSN . , PSN , , . , , .

Monitoring Node (MnT) - , , . MnT , , . Cisco ISE MnT , - Active/Standby . , , , .

PxGrid Node (PXG) - , PxGrid , PxGrid.

PxGrid  - , - - : , , . Cisco PxGrid API, TrustSec (SGT ), ANC (Adaptive Network Control) , - , , .

PxGrid PAN. , PAN , PxGrid , . 

Cisco ISE .

Figure 1. Cisco ISE architecture

3.

Cisco ISE , . 

Cisco ISE SNS (Secure Network Server). : SNS-3615, SNS-3655 SNS-3695 , . 1 SNS.

1. SNS

                          SNS 3615 (Small)   SNS 3655 (Medium)   SNS 3695 (Large)
Standalone                10000              25000               50000
PSN                       10000              25000               100000
CPU (Intel Xeon 2.10 )    8                  12                  12
RAM                       32 (2 x 16 )       96 (6 x 16 )        256 (16 x 16 )
HDD                       1 600              4 600               8 600
Hardware RAID                                RAID 10, RAID       RAID 10, RAID
                          2 10Gbase-T        2 10Gbase-T         2 10Gbase-T
                          4 1Gbase-T         4 1Gbase-T          4 1Gbase-T

, VMware ESXi ( VMware 11 ESXi 6.0), Microsoft Hyper-V Linux KVM (RHEL 7.0). , , . , : 2 CPU 2.0 , 16 RAM 200 HDD. 

Cisco ISE №1, №2.

4.

Cisco, ISE :

  • dcloud – ( Cisco);

  • GVE request Cisco ( ). : Product type [ISE], ISE Software [ise-2.7.0.356.SPA.x86_64], ISE Patch [ise-patchbundle-2.7.0.356-Patch2-20071516.SPA.x86_64];

  • - .

1) , ISO , OVA , , ISE . "setup"!

: ISE OVA , admin / MyIseYPass2 ( ).

Figure 2. Cisco ISE installation

2) , IP-, DNS, NTP .

Figure 3. Cisco ISE initialization

3) , - IP-.

Figure 4. Cisco ISE web interface

4) Administration > System > Deployment , () . PxGrid .

Figure 5. Cisco ISE entity management

5) Administration > System > Admin Access > Authentication , ( ), .

Figure 6. Authentication type configuration
Figure 7. Password policy configuration
Figure 8. Configuring account closure after the time expires
Figure 9. Configuring account lockout

6) Administration > System > Admin Access > Administrators > Admin Users > Add .

Figure 10. Creating a local Cisco ISE administrator

7) . Admin Groups. 2 ISE, .

2. Cisco ISE, ,

Customization Admin

, ,

,

Helpdesk Admin

, ,

, ,

Identity Admin

, , ,

,

MnT Admin

, , ,

Network Device Admin

, ISE, , ,

,

Policy Admin

, , ,

, ISE

RBAC Admin

Operations, ANC ,

  ANC ,

Super Admin

, ,

, Super Admin

System Admin

Operations, , ANC,

  ANC ,

External RESTful Services (ERS) Admin

REST API Cisco ISE

, , (SG)

External RESTful Services (ERS) Operator

REST API Cisco ISE

, , (SG)

Figure 11. Default Cisco ISE administrator groups

8) Authorization > Permissions > RBAC Policy .

Figure 12. Managing privileges of the default Cisco ISE administrator profiles

9) Administration > System > Settings (DNS, NTP, SMTP ). , .

5.

. NAC Cisco ISE, , , .

, Microsoft Active Directory, .

, .
