802.1x

The video takes you through an upgrade procedure from Cisco ISE 1.1 to 1.2. We will go over some upgrade considerations and pre-requisites and also make sure you are aware of any caveats. Our lab starts with a functioning ISE 1.1 setup, and we will make comparison to the system after being upgraded to ISE 1.2. Although this lab video is for a standalone system, a lot of our discussions and demonstration here also apply to a distributed deployment.

The video takes you through an upgrade procedure from Cisco ISE 1.1 to 1.2. We will go over some upgrade considerations and pre-requisites and also make sure you are aware of any caveats. Our lab starts with a functioning ISE 1.1 setup, and we will make comparison to the system after being upgraded to ISE 1.2. Although this lab video is for a standalone system, a lot of our discussions and demonstration here also apply to a distributed deployment.

The video shows you how to configure wireless 802.1X on Cisco ACS 5.4 using PEAP and EAP-TLS. We will perform both machine and user authentications, and enforce successful machine authentication using Machine Access Restriction (MAR). We will introduces MAR Cache distribution, which is a feature introduced in ACS 5.4. For authentication, we will attempt both using AD login credential (PEAP) and client-based certificate (EAP-TLS).

Part 1 of the video focuses on configuration on the ACS.

The video demonstrate how Cisco ISE EAP Chaining can solve caveats on user and machine authentication inherent to Windows native supplicant. In part 1 of this video, we will steps through necessary authentication and authorization policies configurations to support EAP Chaining for both wired and wireless. In part 2, we will go through configuration on NAM Profile Editor to create a .xml file that will be used by the NAM module to gain network access. The video ends with wired and wireless testing and seeing how EAP Chaining appears in authentication log on Cisco ISE.

The video demonstrate how Cisco ISE EAP Chaining can solve caveats on user and machine authentication inherent to Windows native supplicant. In part 1 of this video, we will steps through necessary authentication and authorization policies configurations to support EAP Chaining for both wired and wireless. In part 2, we will go through configuration on NAM Profile Editor to create a .xml file that will be used by the NAM module to gain network access. The video ends with wired and wireless testing and seeing how EAP Chaining appears in authentication log on Cisco ISE.

The video presents one of possible methods to tag an iDevice (eg. iPhone, iPad) as a corporate asset using a certificate. We will walk through a profile creation using an iPhone Configuration Utility and installation on an iDevice. We will be observing a device requesting a certificate through SCEP, and, once obtained, perform wireless authentication using EAP-TLS against Cisco ISE. Authorization conditions will be constructed to look for a specific Common Name (CN) on the certificate, and appropriate access will be granted upon a match. iPhone will be used for testing in this video.

The video walks you through configuration of wireless 802.1X using EAP-TLS on Cisco ISE. We will look how to configure authentication and authorization policies to support both user and machine authentication, how to restrict network access with DACL, and how to use Machine Access Restriction (MAR) to correlate user and machine sessions to ensure a user can access the network only from a domain (corporate) computer. We will perform testing from both domain, non-domain computers, and iPhone, and observe the authentication results.