
Cisco ISE Architecture

July 2022

Div. Service Delivery Activation


Dept. ICT Infrastructure –
Del & Ops-Div. ICT Delivery & Ops

© Indosat Ooredoo Hutchison 2022 - www.ioh.co.id


About me

Achmad Faesal
Computer Degree – Budi Luhur University (2008 – 2014)
achmad.faesal.34@gmail.com / achmad.faesal@ioh.co.id
+62 858 1136 9575
www.linkedin.com/in/acfaesal/

Experience
▪ 4 Years in Telco Network
▪ 3+ Years in Enterprises Network (Network & Security)
▪ 2 Years in Oil and Gas Company Network (Onshore & Offshore)



Agenda
• Overview
• ISE Personas & Appliances
• ISE Deployment
• Network Devices Administration
• Identity Sources
• Study Case





Overview of Cisco ISE

Cisco ISE
• Network Access Control
• Policy Enforcement Platform





ISE Personas & Appliances



ISE Personas & Appliances (cont.)

ISE Appliances Option

• Appliance
• Virtual Machines





ISE Multi-Node Deployment



ISE Multi-Node Deployment (cont.)

• Applies to both physical and virtual deployment


• Compatible with load balancers



ISE Multi-Node Deployment (cont.)

Standalone / Small Deployment



ISE Multi-Node Deployment (cont.)

Medium Deployment

DC DRC



ISE Multi-Node Deployment (cont.)

Large Deployment





Network Devices Administration

Different Access Based on Role



Network Devices Administration (cont.)

Authorization Options (Privileges and Permissions)



Network Devices Administration (cont.)

Device Administration policy best practice





Identity Sources

Internal Identity Source


▪ ISE Internal Identity

External Identity Source


▪ Active Directory
▪ LDAP Servers
▪ SQL Server
▪ PostgreSQL





Study Case - Wired

Wired Access

Wired Connection Using 802.1X


▪ Finance are connected to Switch A using VLAN 30
▪ HR are connected to Switch B using VLAN 40



Study Case - Wireless

Wireless on Enterprise Network

Wireless Connection
▪ Employee Using 802.1X
  ▪ Internal & Internet
▪ Guest Using MAC Authentication Bypass (MAB)
  ▪ Internet Only

(Diagram labels: Authentication, Internet Traffic)



Study Case – Wireless (cont.)

Guest Point of View

*Actual user experience may vary depending on ISE Portal setting


Study Case - VPN

VPN Access

VPN Access Policy


▪ Employee users have unlimited access to all internal servers
▪ External users have limited access to particular servers

User Groups   Authentication   Server A   Server B
Employee      VPN – Passed     Permit     Permit
External      VPN – Passed     Deny       Permit



Thank you

