{"id":1239,"date":"2020-11-18T22:36:18","date_gmt":"2020-11-18T22:36:18","guid":{"rendered":"https:\/\/www.balajibandi.com\/?p=1239"},"modified":"2020-11-18T22:36:56","modified_gmt":"2020-11-18T22:36:56","slug":"ise-2-x-learning-and-explore-more-features","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=1239","title":{"rendered":"ISE  2.X Learning and explore more features"},"content":{"rendered":"\n<p>I worked on 1.X a long, long time ago and discontinued because I had to work on AWS cloud services for 2-3 years for a client.<\/p>\n\n\n\n<p>Once I got back, I worked on 2.2 for a short time, then moved to an organization still holding ACS 4.X and 5.8 (I tried many times to promote ISE with demo models to protect some devices which have no control, but I failed to win that confidence from the organization I work for).<\/p>\n\n\n\n<p>I have been supporting and doing many, many scenario labs, but have not got a chance to write one good document. It's time for ISE, since we now hear the marketing term from Cisco called &#8220;SD-Access&#8221;, which has a major requirement of ISE, since ISE is the center of focus in terms of Scalable Groups and Identity. So I am refreshing my knowledge by writing this document, with a couple of new features to test in the next blog while I am doing some labs.<\/p>\n\n\n\n<p>The diagram below gives you a one-stop view of what ISE is (if you are still not sure what ISE is, go back to basic ISE information &#8211; this may be the wrong blog for newbies).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"537\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-21-1024x537.png\" alt=\"\" class=\"wp-image-1240\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-21-1024x537.png 1024w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-21-300x157.png 300w, 
https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-21-768x403.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-21-705x370.png 705w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-21.png 1333w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>What can ISE do?<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"684\" height=\"622\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-22.png\" alt=\"\" class=\"wp-image-1242\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-22.png 684w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-22-300x273.png 300w\" sizes=\"auto, (max-width: 684px) 100vw, 684px\" \/><\/figure>\n\n\n\n<p>High-level Solution Overview<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"515\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-23-1024x515.png\" alt=\"\" class=\"wp-image-1247\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-23-1024x515.png 1024w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-23-300x151.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-23-768x386.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-23-1536x772.png 1536w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-23-705x354.png 705w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-23.png 1711w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Selecting the RIGHT Model of the ISE device for your deployment.<\/p>\n\n\n\n<p>Note: Make sure you spend some time on this and decide what model you require for your environment.<\/p>\n\n\n\n<p>*Personally stay away from VM &#8211; this will not give 
you the expected results unless you dedicate resources and lock the CPU &#8211; but it will be shared in ESXi &#8211; I have never seen ISE or FMC perform as expected like the appliance Cisco builds &#8211; DO NOT WASTE TIME thinking of VM.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"628\" height=\"434\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-24.png\" alt=\"\" class=\"wp-image-1248\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-24.png 628w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-24-300x207.png 300w\" sizes=\"auto, (max-width: 628px) 100vw, 628px\" \/><\/figure>\n\n\n\n<p>Hardware Performance PSN<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"651\" height=\"238\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-25.png\" alt=\"\" class=\"wp-image-1249\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-25.png 651w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-25-300x110.png 300w\" sizes=\"auto, (max-width: 651px) 100vw, 651px\" \/><\/figure>\n\n\n\n<p>How ISE can Adapt to the Environment &#8211; From Scratch.<\/p>\n\n\n\n<p>ISE requires good planning &#8211; it is not a case of building the node and expecting it to work miracles.<\/p>\n\n\n\n<p>I follow these steps, mostly from experience, once ISE is built and integrated with your environment. 
Start with:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Device Admin &#8211; this replaces your ACS with ISE for role-based access to the devices in the network.<\/li><li>Guest and Secure Wireless Access &#8211; this will secure your guest users and your corporate wireless access.<\/li><li>Asset Visibility &#8211; this will give you a clear picture of what devices are in the network, and the ability to plan the right VN (DNAC) &#8211; both macro and micro segmentation planning.<\/li><li>Secured Wired Access &#8211; this will close down your wired access with a Dot1X deployment &#8211; I suggest starting with low-impact areas and moving to critical areas, not doing a mass deployment.  <ol><li>4.1 &#8211; here you can introduce Threat Containment for more security visibility.<\/li><\/ol><\/li><li>BYOD &#8211; you can start planning how non-authorised devices can get into the network and what kind of access they get based on their profiles.<\/li><li>Segmentation &#8211; this is where your VN and Scalable Groups come into play.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"817\" height=\"379\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-28.png\" alt=\"\" class=\"wp-image-1253\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-28.png 817w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-28-300x139.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-28-768x356.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-28-705x327.png 705w\" sizes=\"auto, (max-width: 817px) 100vw, 817px\" \/><\/figure>\n\n\n\n<p>7. 
Security Ecosystem integration &#8211; this is more of a pxGrid deployment with other partner systems.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"808\" height=\"456\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-27.png\" alt=\"\" class=\"wp-image-1252\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-27.png 808w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-27-300x169.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-27-768x433.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-27-705x398.png 705w\" sizes=\"auto, (max-width: 808px) 100vw, 808px\" \/><\/figure>\n\n\n\n<p>8. Compliance &amp; posture &#8211; for the posture checks.<\/p>\n\n\n\n<p>Since I have described how we can deploy gradually, let's also discuss the license requirements.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"808\" height=\"539\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-26.png\" alt=\"\" class=\"wp-image-1251\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-26.png 808w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-26-300x200.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-26-768x512.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-26-705x470.png 705w\" sizes=\"auto, (max-width: 808px) 100vw, 808px\" \/><\/figure>\n\n\n\n<p><strong>DNA Space with ISE<\/strong><\/p>\n\n\n\n<p>At the Design level you can do all the planning that is available as part of the DNA Center Design level.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"687\" height=\"381\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-30.png\" alt=\"\" 
class=\"wp-image-1256\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-30.png 687w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-30-300x166.png 300w\" sizes=\"auto, (max-width: 687px) 100vw, 687px\" \/><\/figure>\n\n\n\n<p>These are the elements required to make this happen. ISE plays a major role in the SD-Access or DNAC space; this is part of the solution. You get 360-degree visibility and can take action in ~5sec (Cisco claim) to remediate or block an attack happening in the network.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"696\" height=\"345\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-31.png\" alt=\"\" class=\"wp-image-1257\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-31.png 696w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-31-300x149.png 300w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><\/figure>\n\n\n\n<p>This is part of the base design: a very clear matrix is required of what can be accessed and what cannot.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"722\" height=\"379\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-29.png\" alt=\"\" class=\"wp-image-1255\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-29.png 722w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-29-300x157.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-29-705x370.png 705w\" sizes=\"auto, (max-width: 722px) 100vw, 722px\" \/><\/figure>\n\n\n\n<p>ISE provides more visibility in the network.<\/p>\n\n\n\n<p>I am running 2.4 as part of the CCIE Sec requirement.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"514\" height=\"344\" 
src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-34.png\" alt=\"\" class=\"wp-image-1264\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-34.png 514w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-34-300x201.png 300w\" sizes=\"auto, (max-width: 514px) 100vw, 514px\" \/><\/figure>\n\n\n\n<p>The Summary shows &#8211;<\/p>\n\n\n\n<p>Metrics<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Total endpoints<\/li><li>Active Endpoints<\/li><li>BYOD Endpoints<\/li><li>Compliance<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"123\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-33-1024x123.png\" alt=\"\" class=\"wp-image-1262\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-33-1024x123.png 1024w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-33-300x36.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-33-768x92.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-33-1536x184.png 1536w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-33-705x85.png 705w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-33.png 1750w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Authentications &#8211; by different device types and models<\/p>\n\n\n\n<p>Network Devices &#8211; Switches, routers, WLC<\/p>\n\n\n\n<p>Endpoints &#8211; end points<\/p>\n\n\n\n<p>BYOD Endpoints &#8211; Guest non-trusted users<\/p>\n\n\n\n<p>Alarms &#8211; alarms and alerts 
&#8211; user-friendly and readable.<\/p>\n\n\n\n<p>System Summary &#8211; Overall system, status and cluster of ISE.<\/p>\n\n\n\n<p>ISE &#8211; Visibility Setup wizard<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It automatically discovers across the whole network and finds all devices, with more information about them.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"506\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-32-1024x506.png\" alt=\"\" class=\"wp-image-1261\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-32-1024x506.png 1024w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-32-300x148.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-32-768x380.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-32-705x349.png 705w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-32.png 1329w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>ISE Profiling works with ISE and DNAC<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"716\" height=\"343\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-35.png\" alt=\"\" class=\"wp-image-1266\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-35.png 716w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-35-300x144.png 300w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-35-705x338.png 705w\" sizes=\"auto, (max-width: 716px) 100vw, 716px\" \/><\/figure>\n\n\n\n<p>ISE does the probing &#8211; 2 types: Active and Passive<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"318\" height=\"55\" 
src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-36.png\" alt=\"\" class=\"wp-image-1267\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-36.png 318w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-36-300x52.png 300w\" sizes=\"auto, (max-width: 318px) 100vw, 318px\" \/><\/figure>\n\n\n\n<p>How the process works at a high level.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"703\" height=\"363\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-37.png\" alt=\"\" class=\"wp-image-1268\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-37.png 703w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-37-300x155.png 300w\" sizes=\"auto, (max-width: 703px) 100vw, 703px\" \/><\/figure>\n\n\n\n<p>How the information is collected based on Device Sensors<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"696\" height=\"366\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-38.png\" alt=\"\" class=\"wp-image-1269\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-38.png 696w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-38-300x158.png 300w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><\/figure>\n\n\n\n<p>ISE comes with many default profiles, for example:<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"193\" src=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-39-1024x193.png\" alt=\"\" class=\"wp-image-1270\" srcset=\"https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-39-1024x193.png 1024w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-39-300x57.png 300w, 
https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-39-768x145.png 768w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-39-1536x290.png 1536w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-39-705x133.png 705w, https:\/\/www.balajibandi.com\/wp-content\/uploads\/2020\/11\/image-39.png 1572w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>More to add as it goes<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Happy Labbing!!!!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I worked on 1.X a long, long time ago and discontinued because I had to work on AWS cloud services for 2-3 years for a client. Once I got back, I worked on 2.2 for a short time, then moved to an organization still holding ACS 4.X and 5.8 (I tried many times to promote ISE [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,10,2],"tags":[],"class_list":["post-1239","post","type-post","status-publish","format-standard","hentry","category-ccie-sec","category-ccie-rns","category-cisco"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1239"}],"version-history":[{"count":12,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1239\/revisions"}],"predecessor-version":[{"id":1271,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route
=\/wp\/v2\/posts\/1239\/revisions\/1271"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}