Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2021 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1 Scenarios
Network Visibility
View Live Authentications
ISE Authentication and Authorization Policy
Network Visibility
The first step to securing any network is to understand what exists. Once you understand this, you can take
steps to further educate yourself or your team in order to make informed decisions about what you should do
next.
When we first log in to the system, we are presented with the ISE Home > Summary dashboard, which has
metrics for the Total number of unique endpoints ISE has ever seen, how many of those are currently Active
on the network, and how many are Guests.
Procedure
Step 1 Review the Summary panels to see the percentage breakdowns of Authentications, Network Devices and
Endpoints.
Step 2 Hover over the donut wedges and labels to see the count of each category or type.
Step 3 Use the tabs within the panels to pivot to different views of the same information.
Step 4 To view additional details about any of the sections of the graphic, click on the donut wedges or categories
to drill down and filter on the details behind the summary data. A new tab will open with the filtered results.
Close the tab when you are finished viewing the data.
Remember that Vulnerability and Threat dashboards will NOT be populated because the Instant demo does
not have these security integrations. You may still want to show these to your customers and discuss how
integrating ISE with these types of security products could let them see these devices and even Quarantine
them with Rapid Threat Containment.
Using these dashboard views, you can get a baseline understanding of your network in terms of being able to
see both Who and What is Where on the network. Once you have this level of visibility, you can begin to make
educated policy decisions about unexpected devices, unregistered assets, potential risks and the need for
segmentation.
View Live Authentications
Procedure
Step 2 You can adjust the update frequency, number of records and window that you view.
Note: Setting the update frequency too low can make it difficult to filter items due to the screen refreshes.
Step 3 Notice all of the details about When, What, Who, Where and How subjects were authenticated to the network.
Step 4 If you want to know Why something matched a specific Authentication or Authorization Policy, simply click
on the Authentication Details icon to get the Overview, Authentication Details, Attributes and Authorization
Result, and then view the Steps that ISE completed when evaluating its policies.
This can be helpful for troubleshooting.
ISE Authentication and Authorization Policy
Procedure
Step 1 In ISE, navigate to Policy > Policy Sets to see all policy sets.
Step 2 Click on the View arrow for the Default policy set to see its Authentication and Authorization policies.
Step 3 Authentication Policies can be made very granular with Conditions, down to a specific user or endpoint.
They are generally used to filter authentications by NAD profiles (hardware functionality), access methods
(wired, wireless, VPN), authentication types (802.1X, MAB), authentication protocols (PEAP-MSCHAPv2,
EAP-TLS), or Identity Stores (internal, AD, token, etc.).
Step 4 Review some of the Authorization Profiles to understand how the NAD attributes, Authentication method,
Identity groups, endpoint attributes and other information can all be tied together to result in a specific
Authorization Profile.
Example:
IOT endpoints like surveillance cameras:
And note the Default authorization if there are no other policy matches:
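The evaluation described in Step 4, as a simplified added model (not Cisco's code or an ISE API): rules are checked top-down and the first match returns its authorization profile, with a default when nothing matches. All rule, attribute and profile names are constructed for illustration, and the shadowed-rule check goes beyond the steps above.

```python
# Simplified first-match model of an authorization policy (illustration only;
# not ISE's engine). Rule, attribute and profile names are all constructed.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    conditions: dict   # attribute -> required value; every entry must match
    profile: str       # authorization profile returned when the rule matches

# Constructed policy, evaluated top-down; the first matching rule wins.
POLICY = [
    Rule("Employee wired 802.1X",
         {"access_method": "wired", "auth_type": "802.1X",
          "identity_group": "Employees"}, "Employee_Access"),
    Rule("IOT cameras",
         {"auth_type": "MAB", "endpoint_profile": "Surveillance-Camera"},
         "IOT_Camera_Access"),
    Rule("Guest wireless",
         {"access_method": "wireless", "identity_group": "Guests"},
         "Guest_Internet_Only"),
]
DEFAULT_PROFILE = "DenyAccess"  # assumed default result for this model

def authorize(policy, session):
    """Return (rule name, authorization profile) for one session's attributes."""
    for rule in policy:
        if all(session.get(k) == v for k, v in rule.conditions.items()):
            return rule.name, rule.profile
    return "Default", DEFAULT_PROFILE

def shadowed(policy):
    """List (rule, earlier rule) pairs where the earlier rule always matches first.

    With equality-only conditions, a rule can never fire if an earlier rule's
    conditions are a subset of its own.
    """
    hits = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if earlier.conditions.items() <= later.conditions.items():
                hits.append((later.name, earlier.name))
                break
    return hits

if __name__ == "__main__":
    camera = {"access_method": "wired", "auth_type": "MAB",
              "endpoint_profile": "Surveillance-Camera"}
    unknown = {"access_method": "wired", "auth_type": "MAB",
               "endpoint_profile": "Unknown"}
    print(authorize(POLICY, camera), authorize(POLICY, unknown))
    print(shadowed([Rule("Any MAB", {"auth_type": "MAB"}, "Limited")] + POLICY))
```

Sessions that land on the default rule are the "unexpected devices" worth reviewing, and a non-empty `shadowed` result means a more specific rule sits below a broader one and will never apply.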