preview

The New River Guitars Ise Deployment

Decent Essays
Executive Summary
The purpose of this document is to provide New River Guitars with detailed documentation of the ISE 1.2 deployment performed during October and November, 2013. This document will encompass business and technical requirements, methodology, design, and specific configurations for the ISE deployment.
The New River Guitars ISE deployment will leverage ISE version 1.2 software in VMware virtual machines. A distributed ISE deployment will be utilized placing nodes in the Phoenix and Nashville data centers. Each data center will house an administrative node (PAN), a monitoring node (MnT), and two policy service nodes (PSN). The PAN and MnT in Phoenix data center are the primary devices. The PSNs are placed behind an F5
…show more content…
Per New River Guitars’ requirements, the wired deployment will initially be in monitor mode. This will allow users who fail authentication to be granted access to the network. Authorization Profiles that are in use only Permit Access and do not Deny network access. ISE can be transitioned to an low-impact or closed mode to require users to authenticate and authorize via ISE before being granted access to the network. Low Impact and closed mode will be tested on lab ISE nodes and test switches.
An authorization rule for Mac Authentication Bypass (MAB) was created. Devices without 802.1x supplicants are authenticated against the MAB policy and then profiled. Once the device is profiled a new authorization policy is created based upon the profiled endpoint identity and inserted above the MAB rule in authorization policies. The intention of this is to profile and categorize every device on the New River Guitars network.
2. Design Requirements
The primary requirements for this design are listed below to permit or deny users or devices network access based on defined criteria.
2.1 Business Requirements
● Design a solution to authenticate, authorize and profile New River Guitars workstations using wired connections based on a machine certificate using EAP-TLS
● Authenticate, authorize and profile New River Guitars wired devices that do
    Get Access