Cisco ISE Architecture

Uploaded by

ridwan faris

July 2022

Div. Service Delivery Activation


Dept. ICT Infrastructure –
Del & Ops-Div. ICT Delivery & Ops

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id


About me

Achmad Faesal
Computer Degree – Budi Luhur University (2008 – 2014)
achmad.faesal.34@gmail.com / achmad.faesal@ioh.co.id
+62 858 1136 9575
www.linkedin.com/in/acfaesal/

Experience
▪ 4 Years in Telco Network
▪ 3+ Years in Enterprise Network (Network & Security)
▪ 2 Years in Oil and Gas Company Network (Onshore & Offshore)


Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case


Overview of Cisco ISE

Cisco ISE
• Network Access Control
• Policy Enforcement Platform


ISE Personas & Appliances


ISE Personas & Appliances (cont.)

ISE Appliance Options
• Appliance
• Virtual Machines


ISE Multi-Node Deployment


ISE Multi-Node Deployment (cont.)

• Applies to both physical and virtual deployments
• Compatible with load balancers


ISE Multi-Node Deployment (cont.)

Standalone / Small Deployment


ISE Multi-Node Deployment (cont.)

Medium Deployment

[Diagram labels: DC, DRC]


ISE Multi-Node Deployment (cont.)

Large Deployment


Network Devices Administration

Different Access Based on Role


Network Devices Administration (cont.)

Authorization Options (Privileges and Permissions)


Network Devices Administration (cont.)

Device Administration policy best practice


Identity Sources

Internal Identity Source
▪ ISE Internal Identity

External Identity Source
▪ Active Directory
▪ LDAP Servers
▪ SQL Server
▪ PostgreSQL


Study Case - Wired

Wired Access

Wired Connection Using 802.1X


▪ Finance is connected to Switch A using VLAN 30
▪ HR is connected to Switch B using VLAN 40


Study Case - Wireless

Wireless on Enterprise Network

Wireless Connection
▪ Employee using 802.1X
  ▪ Internal & Internet
▪ Guest using MAC Authentication Bypass (MAB) authentication
  ▪ Internet only

[Diagram label: Internet Traffic]


Study Case – Wireless (cont.)

Guest Point of View

*Actual user experience may vary depending on ISE Portal setting


Study Case - VPN

VPN Access

VPN Access Policy


▪ Employee users have unlimited access to all internal servers
▪ External users have limited access to particular servers

User Groups    Authentication    Server A    Server B
Employee       VPN – Passed      Permit      Permit
External       VPN – Passed      Deny        Permit


Thank you
