Cisco ISE: Introduction, Requirements, Installation. Part 1

1.简介

, , ( ). , RADIUS, TACACS+ DIAMETER. , : BYOD , , .

NAC (Network Access Control) - . , Cisco ISE (Identity Services Engine) - NAC , , , .

, Cisco ISE :

  • WLAN;

  • BYOD (, , );

  • SGT ( TrustSec);

  • (posturing);

  • ;

  • ;

  • logon/logoff , (identity) NGFW user-based ;

  • Cisco StealthWatch , ();

  • .

Cisco ISE , : Cisco ISE, Cisco ISE.

2.

Identity Services Engine 4 (): (Policy Administration Node), (Policy Service Node), (Monitoring Node) PxGrid (PxGrid Node). Cisco ISE (standalone) (distributed) . Standalone (Secure Network Servers - SNS), Distributed - .

Policy Administration Node (PAN) - , Cisco ISE. , . ( ) PAN - Active/Standby .

Policy Service Node (PSN) - , , , , . PSN . , PSN , , . , , .

Monitoring Node (MnT) - , , . MnT , , . Cisco ISE MnT , - Active/Standby . , , , .

PxGrid Node (PXG) - , PxGrid , PxGrid.

PxGrid  - , - - : , , . Cisco PxGrid API, TrustSec (SGT ), ANC (Adaptive Network Control) , - , , .

PxGrid PAN. , PAN , PxGrid , . 

Cisco ISE .

Figure 1. Cisco ISE architecture

3.

Cisco ISE , . 

Cisco ISE SNS (Secure Network Server). : SNS-3615, SNS-3655 SNS-3695 , . 1 SNS.

1. SNS

| | SNS 3615 (Small) | SNS 3655 (Medium) | SNS 3695 (Large) |
|---|---|---|---|
| Standalone | 10000 | 25000 | 50000 |
| PSN | 10000 | 25000 | 100000 |
| CPU (Intel Xeon 2.10 ) | 8 | 12 | 12 |
| RAM | 32 (2 x 16 ) | 96 (6 x 16 ) | 256 (16 x 16 ) |
| HDD | 1 600 | 4 600 | 8 600 |
| Hardware RAID | | RAID 10, RAID | RAID 10, RAID |
| | 2 10Gbase-T, 4 1Gbase-T | 2 10Gbase-T, 4 1Gbase-T | 2 10Gbase-T, 4 1Gbase-T |

, VMware ESXi ( VMware 11 ESXi 6.0), Microsoft Hyper-V Linux KVM (RHEL 7.0). , , . , : 2 CPU 2.0 , 16 RAM 200 HDD. 

Cisco ISE №1, №2.

4.

Cisco, ISE :

  • dcloud – ( Cisco);

  • GVE request Cisco ( ). : Product type [ISE], ISE Software [ise-2.7.0.356.SPA.x86_64], ISE Patch [ise-patchbundle-2.7.0.356-Patch2-20071516.SPA.x86_64];

  • - .

1) , ISO , OVA , , ISE . "setup"!

: ISE OVA , admin / MyIseYPass2 ( ).

Figure 2. Installing Cisco ISE

2) , IP-, DNS, NTP .

Figure 3. Initializing Cisco ISE

3) , - IP-.

Figure 4. Cisco ISE web interface

4) Administration > System > Deployment , () . PxGrid .

Figure 5. Cisco ISE entity management

5) Administration > System > Admin Access > Authentication , ( ), .

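Figure 6. Configuring the authentication type
Figure 7. Password policy settings
Figure 8. Configuring account disabling after a time period expires
Figure 9. Configuring account lockout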

6) Administration > System > Admin Access > Administrators > Admin Users > Add .

Figure 10. Creating a local Cisco ISE administrator

7) . Admin Groups. 2 ISE, .

2. Cisco ISE, ,

Customization Admin

, ,

,

Helpdesk Admin

, ,

, ,

Identity Admin

, , ,

,

MnT Admin

, , ,

Network Device Admin

, ISE, , ,

,

Policy Admin

, , ,

, ISE

RBAC Admin

Operations, ANC ,

  ANC ,

Super Admin

, ,

, Super Admin

System Admin

Operations, , ANC,

  ANC ,

External RESTful Services (ERS) Admin

REST API Cisco ISE

, , (SG)

External RESTful Services (ERS) Operator

REST API Cisco ISE

, , (SG)

Figure 11. Predefined Cisco ISE administrator groups

8) Authorization > Permissions > RBAC Policy .

Figure 12. Permission management for predefined Cisco ISE administrator profiles

9) Administration > System > Settings (DNS, NTP, SMTP ). , .

5.

. NAC Cisco ISE, , , .

, Microsoft Active Directory, .

, .
