Cisco :: Deploying Monitor Mode with Cisco ISE -

Cisco :: Deploying Monitor Mode with Cisco ISE

Post author:iwiizkiid
Post published:23/12/2018
Post category:ISE
Post comments:0 Comments
Post last modified:06/02/2019
Reading time:2 mins read

In this video session we take a look at how to configure ISE and switches for monitor mode for secure network access control.

The following video demonstrates IBNS 1.0 configurations, I will be doing a video on IBNS 2.0 soon so please keep a look out on my blog.

Below is the configuration output omitted from the switch used in the video demonstration.

Output ommitted....
ACCESS-SW1#show run
!
aaa new-model
!
aaa group server radius ISE
 server name ISE1
 ip radius source-interface Vlan99
!
aaa authentication login default enable local
aaa authentication dot1x default group ISE
aaa authorization network default group ISE 
aaa accounting update newinfo periodic 2800
aaa accounting dot1x default start-stop group ISE
!
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 description DATA-PORT
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
!
interface Vlan10
 ip address 172.16.10.3 255.255.255.0
 ip helper-address 172.16.10.1
!
interface Vlan99
 ip address 172.16.0.5 255.255.255.0
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
!
radius server ISE1
 address ipv4 172.16.0.254 auth-port 1812 acct-port 1813
 key iselab
!

Tags: #LabEveryday, Cisco, Cisco ISE, deploy ISE, Deploy ISE monitor mode, Deploying Monitor Mode with Cisco ISE, IBNS 1.0, Identity Services Engine, ISE, ISE monitor mode, network wizkid

iwiizkiid

Kelvin is a Cyber Security professional with years and experience working with organisations in different verticals, both large and small. He enjoys contributing to the Network Wizkid knowledge base and he also creates technical content. Kelvin enjoys learning new things and often does this by working on achieving new technical certifications. He holds many professional certifications and academically, he has achieved a Bachelors and Master's degree in both Computer Networks and Cyber Security.