
Cisco ISE 2.7 Mobility Deep Dive v1

Date
March 2020

Overview

This demonstration provides Cisco Field and Channel Partners with an easy, scalable way to demonstrate the Cisco Identity Services Engine (ISE) security solution. Not only is the experience more streamlined, but it automates and simplifies access control and security compliance for wireless networks. Cisco dCloud helps you to instantly use an access point and/or endpoint router to demonstrate this scalable Cisco solution. This demo includes the following Cisco ISE use cases:

  • Guest Access Management – simple, quick, and easy hotspot, self-registered, and sponsored guests
  • BYOD – onboarding of employee devices using ISE for native supplicant and certificate provisioning
  • Secure Access – 802.1x differentiated access depending on user groups
  • Device Admin (TACACS+) – RBAC controls of Network Access Device configurations

Location Services are not available for this demonstration.

What’s New

This ISE demo gives the user access to ISE 2.7. Key features you can use include Interactive Help and Guest Access Management. For a complete reference of ISE 2.7 features, please see the ISE 2.7 Release Notes.

  • Identity Services Engine (ISE) updated to 2.7
  • Interactive Help
  • BYOD Android EST (Enrollment over Secure Transport) fix

Scenarios

Guest Access Management

  • Scenario 1: Guest Internet Access with Hotspot
  • Scenario 2: Self-Registered Guest Access with Sponsor Approval
  • Scenario 3: Sponsored Guest Access

Device Onboarding and Management

  • Scenario 1: Device Onboarding for BYOD
  • Scenario 2: Device Management

Secure Access

  • Scenario 1: Secure Access (802.1x) Differentiated Access

Device Administration

  • Scenario 1: Device Administration
  • Scenario 2: Analyzing Device Administration

Requirements

The requirements vary by scenario. Please see the demonstration guide for requirement details for the selected scenario. The table below represents the requirements to complete all demonstrations in the Cisco dCloud Mobility Deep Dive portfolio.

Required Optional
  • Preferred Endpoint Router
    • 819W router, registered and configured for Cisco dCloud
    • Cisco Aironet Series Access Point (3000, 2000, or 1000 series)
  • Laptop
  • User Devices
    • Tablet
    • Smartphone
    • Laptop
  • Access Point (must support WLC 8.5 code)
  • Cisco AnyConnect®

Components

  • Cisco Identity Services Engine (ISE) 2.3
  • Microsoft Active Directory-Windows 2008 R2
  • Microsoft Exchange 2010-Windows 2008 R2
  • Cisco Virtual Wireless Controller (vWLC) 8.5
  • Cisco Virtual Cloud Services Router (CSRv)

Features

Internet Hotspot
  • Internet-only hotspot capability with AUP acceptance and password protection
Self-Registered and Sponsored Guest Access
  • Self-registered access – SMS and email notifications
  • Sponsoring a guest account – SMS and email notifications
  • Sponsor bulk guest account import
  • Guests going through guest registration flows can use email from any public domain to receive guest credentials
BYOD On-Boarding
  • Device onboarding and provisioning
  • Compliance with security policy by enforcing access controls
  • Easy blacklisting for lost or stolen personal devices
Device Administration
  • Demonstrate TACACS+ device administration for IOS and WLC
  • ISE configuration in place for NXOS and ASA