Identity Services Engine Network Access Control Demonstration Lab

Solution Overview
Cisco Identity Services Engine (ISE) is a Network Access Control (NAC) and security policy management solution. ISE uses available network information, such as network identity, external authorization, device fingerprinting, security posture status and a number of other criteria, to make context-based security policy decisions. Cisco ISE uses the network edge to ensure those policy decisions are enforced at the point of entry. Additionally, ISE uses a continual stream of information and re-authorization to ensure that network-connected endpoints remain in compliance and that the most applicable entitlements are enforced.

Goals & Objectives

This scheduled lab provides a guided overview and demonstration of Cisco ISE and its core access control functions. This is the best place to start for a general walkthrough of ISE policy management, 802.1X and supporting capabilities.

This lab is intended to demonstrate the following:
  • 802.1X-based access control.
  • MAC authentication bypass.
  • Centralized Web Authentication.
  • Common policy enforcement capabilities.
  • Use of external identity sources.
  • Flexible authentication scenarios.
  • Policy creation, organization and management.
  • Network visibility and reporting.

Hardware & Software

This lab consists of the following hardware and software:
  • 1x Cisco ISE Server - PAN/MNT (version 2.4).
  • 1x Cisco ISE Server - PSN dedicated to pxGrid (version 2.4).
  • 1x Cisco ISE Server - PSN (version 2.4).
  • 2x Microsoft Windows Active Directory Controllers (Win Server 2016).
  • 1x Microsoft Windows Active Directory Certificate Authority (Win Server 2016).
  • 2x Windows 7 client endpoints.
  • 1x Cisco Catalyst 3850 switch.