Cisco :: Deploying Monitor Mode with Cisco ISE

In this video session we take a look at how to configure ISE and switches for monitor mode for secure network access control.

The following video demonstrates IBNS 1.0 configurations, I will be doing a video on IBNS 2.0 soon so please keep a look out on my blog.

Below is the configuration output omitted from the switch used in the video demonstration.

Output ommitted....
ACCESS-SW1#show run
aaa new-model
aaa group server radius ISE
 server name ISE1
 ip radius source-interface Vlan99
aaa authentication login default enable local
aaa authentication dot1x default group ISE
aaa authorization network default group ISE 
aaa accounting update newinfo periodic 2800
aaa accounting dot1x default start-stop group ISE
dot1x system-auth-control
interface GigabitEthernet1/0/1
 description DATA-PORT
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
interface Vlan10
 ip address
 ip helper-address
interface Vlan99
 ip address
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
radius server ISE1
 address ipv4 auth-port 1812 acct-port 1813
 key iselab

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: