In this video session we take a look at how to configure ISE and switches for monitor mode for secure network access control.
The following video demonstrates IBNS 1.0 configurations. I will be doing a video on IBNS 2.0 soon, so please keep a look out on my blog.
Below is the configuration output from the switch used in the video demonstration, with some output omitted.
Output omitted....
ACCESS-SW1#show run
!
aaa new-model
!
aaa group server radius ISE
 server name ISE1
 ip radius source-interface Vlan99
!
aaa authentication login default enable local
aaa authentication dot1x default group ISE
aaa authorization network default group ISE
aaa accounting update newinfo periodic 2800
aaa accounting dot1x default start-stop group ISE
!
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 description DATA-PORT
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
!
interface Vlan10
 ip address 172.16.10.3 255.255.255.0
 ip helper-address 172.16.10.1
!
interface Vlan99
 ip address 172.16.0.5 255.255.255.0
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
!
radius server ISE1
 address ipv4 172.16.0.254 auth-port 1812 acct-port 1813
 key iselab
!
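
As an added example (not part of the original post or the video), the Python sketch below classifies each 802.1X port in a "show run" listing by deployment mode. Monitor mode requires "authentication open" on the interface; a port that carries only "authentication port-control auto", as in the abridged output above, runs in closed mode. The sample config, the ACL name PRE-AUTH and the function names are constructed for illustration, and the parser assumes the leading-space indentation that "show run" emits.

```python
import re
# Constructed sample config (not from the video). PRE-AUTH is an assumed ACL name.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 authentication port-control auto
!
interface GigabitEthernet1/0/2
 authentication open
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 ip access-group PRE-AUTH in
 authentication open
 authentication port-control auto
!
interface Vlan99
 ip address 172.16.0.5 255.255.255.0
!
"""

def interface_blocks(config):
    """Map each interface name to the set of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        else:
            current = None  # "!" or any other top-level command ends the block
    return blocks

def classify_ports(config):
    """Return {interface: mode} for every port with 802.1X port control enabled."""
    modes = {}
    for name, cmds in interface_blocks(config).items():
        if "authentication port-control auto" not in cmds:
            continue  # not an authenticated access port (for example an SVI)
        if "authentication open" not in cmds:
            modes[name] = "closed"      # traffic blocked until authentication succeeds
        elif any(re.fullmatch(r"ip access-group \S+ in", c) for c in cmds):
            modes[name] = "low-impact"  # open, but limited by a pre-auth ACL
        else:
            modes[name] = "monitor"     # open, results logged but not enforced
    return modes

if __name__ == "__main__":
    print(classify_ports(SAMPLE_CONFIG))
```

Running the same function over a saved copy of the switch's running configuration shows which ports would start dropping unauthenticated traffic before the ISE policy has been validated.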