Cisco ISE 2.0 – Guest Authentication

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).ISEimage

For more guides about configuring (previous) Cisco ISE, see this page.This is part 3, configuring the Cisco WLC for guest access.

Configure WLAN’s on WLC

  1. Navigate to WLAN’s, Create new

Picture12. Configure General Settings:

(more…)

Cisco ISE 2.0 – Employee Authentication Based on 802.1x (User auth)

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).ISEimage

For more guides about configuring (previous) Cisco ISE, see this page.This is part 2, creating authentication and authorization policies.

Create authentication policy

  1. Navigate to Policy, Authentication
  2. Edit, Wired_802.1X to include Wireless_802.1X, and select “ehlo.lan” domain store.

Picture1

(more…)

Cisco ISE 2.0 Active Directory & Radius

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

ISEimageFor more guides about configuring (previous) Cisco ISE, see this page.This is part 1, the prerequisites before you can start configuring any authentication method.

Add ISE to Active Directory domain

Login into ISE and add ISE to the Active Directory domain by following these steps:

(more…)

Cisco WSA Authentication

In this and other posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda:

Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware

This is the 6th part of the series.

A proxy is no real proxy without user authentication. That’s what I’m going to discuss in this post. Authentication is needed for logging and user tracking.

Authentication options:

  • Basic (local accounts)
  • NTLMSSP (for Microsoft Active Directory)

In explicit forwarding mode you can use straightforward proxy authentication. In transparant mode you have to fool the WSA.

In case all authentication services are unavailable, you can choose to permit or block all traffic. You can find this setting in Network > Authentication, click Edit Global Settings.

(more…)

Cisco Web Security Appliance introduction

In this and upcoming posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda for the upcoming weeks:

Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware

In this blog we’ll talk about the product introduction.

The Cisco Web Security Appliance (WSA) is an appliance for securing http, https and ftp traffic from (and to) the internet.

The WSA replaces all, or most of these devices in your network:

Firewall
Webproxy
Anti spyware
Antivirus
URL Filtering
Policy management

As you can see, it’s more than just a regular proxy server.

The internet provides a lot of websites, good websites and bad websites. There are a lot of websites which are not work related for a lot of companies. If you want to limit or block those websites for users, the WSA is the product for you. Limitation can be time based, bandwidth based, user based or category based (79 categories). Road warriors (remote users) can be protected too by Anyconnect security or Web cloud Security, also known as Scansafe.

(more…)