Cisco :: Deploying Monitor Mode with Cisco ISE

In this video session we take a look at how to configure ISE and switches for monitor mode for secure network access control.

The following video demonstrates IBNS 1.0 configurations, I will be doing a video on IBNS 2.0 soon so please keep a look out on my blog.

Below is the configuration output omitted from the switch used in the video demonstration.

Output ommitted....
ACCESS-SW1#show run
!
aaa new-model
!
aaa group server radius ISE
 server name ISE1
 ip radius source-interface Vlan99
!
aaa authentication login default enable local
aaa authentication dot1x default group ISE
aaa authorization network default group ISE 
aaa accounting update newinfo periodic 2800
aaa accounting dot1x default start-stop group ISE
!
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 description DATA-PORT
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 authentication host-mode multi-auth
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
!
interface Vlan10
 ip address 172.16.10.3 255.255.255.0
 ip helper-address 172.16.10.1
!
interface Vlan99
 ip address 172.16.0.5 255.255.255.0
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
!
radius server ISE1
 address ipv4 172.16.0.254 auth-port 1812 acct-port 1813
 key iselab
!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.