Using Cisco Identity Services Engine (ISE)

Cisco Identity Services Engine (ISE) is a powerful tool for network access control, providing identity-based secure access to network resources. Here are the steps to set up and use Cisco ISE:

Step 1: Install Cisco ISE

  1. Obtain Software:
    • Download the Cisco ISE software from the Cisco website (requires a valid Cisco account and license).
  2. Install Cisco ISE:
    • Follow the installation guide to install ISE on a supported hardware appliance or virtual machine.
    • Configure basic network settings during the installation process.

Step 2: Initial Configuration

  1. Access the Admin Interface:
    • Open a web browser and go to https://<ISE-IP-Address>:8443/admin.
    • Log in using the admin credentials created during installation.
  2. Run Initial Setup Wizard:
    • Follow the initial setup wizard to configure basic settings such as hostname, time zone, and network settings.

Step 3: Configure Network Devices

  1. Add Network Devices:
    • Go to Administration > Network Resources > Network Devices.
    • Click Add and enter the details of your network device (e.g., switches, routers).
    • Configure SNMP settings and device-specific settings.

Step 4: Configure Authentication and Authorization Policies

  1. Define Identity Sources:
    • Go to Administration > Identity Management > External Identity Sources.
    • Configure Active Directory, LDAP, RADIUS, or other identity sources.
  2. Create Authentication Policies:
    • Go to Policy > Policy Sets.
    • Create or modify a policy set to define authentication rules based on conditions like device type, user role, etc.
  3. Create Authorization Policies:
    • In the same policy set, define authorization rules that specify what access rights to grant based on authentication results.

Step 5: Configure Profiling and Posture Assessment (Optional)

  1. Enable Profiling:
    • Go to Work Centers > Network Access > Profiling.
    • Enable profiling and configure profiler settings to identify device types on the network.
  2. Configure Posture Assessment:
    • Go to Work Centers > Network Access > Posture.
    • Define posture policies to ensure that devices meet security compliance before granting access.

Step 6: Monitor and Manage

  1. Monitor Network Activity:
    • Use Operations > RADIUS Live Logs to monitor authentication and authorization requests in real time.
    • Review Reports to analyze network access trends and incidents.
  2. Manage Incidents:
    • Use the Context Visibility feature to view detailed information about connected devices and users.
    • Address policy violations and adjust policies as necessary.

Using Aruba ClearPass

Aruba ClearPass is another robust solution for network access control and policy management. Here are the steps to set up and use Aruba ClearPass:

Step 1: Install Aruba ClearPass

  1. Obtain Software:
    • Download the ClearPass software from the Aruba Networks website (requires a valid account and license).
  2. Install ClearPass:
    • Follow the installation guide to install ClearPass on a supported hardware appliance or virtual machine.
    • Configure basic network settings during the installation process.

Step 2: Initial Configuration

  1. Access the Admin Interface:
    • Open a web browser and go to https://<ClearPass-IP-Address>.
    • Log in using the admin credentials created during installation.
  2. Run Initial Setup Wizard:
    • Follow the initial setup wizard to configure basic settings such as hostname, time zone, and network settings.

Step 3: Configure Network Devices

  1. Add Network Devices:
    • Go to Configuration > Network > Devices.
    • Click Add Device and enter the details of your network device (e.g., switches, routers).
    • Configure RADIUS settings and device-specific settings.

Step 4: Configure Authentication and Authorization Policies

  1. Define Identity Sources:
    • Go to Configuration > Identity > Sources.
    • Configure Active Directory, LDAP, RADIUS, or other identity sources.
  2. Create Authentication Policies:
    • Go to Configuration > Authentication > Services.
    • Click Add Service and define authentication rules based on conditions like device type, user role, etc.
  3. Create Authorization Policies:
    • In the same service, define enforcement policies that specify what access rights to grant based on authentication results.

Step 5: Configure Profiling and Posture Assessment (Optional)

  1. Enable Profiling:
    • Go to Configuration > Device Profiling.
    • Enable profiling and configure profiler settings to identify device types on the network.
  2. Configure Posture Assessment:
    • Go to Configuration > Posture.
    • Define posture policies to ensure that devices meet security compliance before granting access.
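
The authorization and posture steps above, for both ISE and ClearPass, depend on rule order. The following is an added example, not code from either product: a small model that assumes rules are evaluated top-down with the first match winning and a default of deny (check the evaluation mode configured on your policy server). All rule, group and profile names are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable

DENY = "DenyAccess"  # hypothetical access profile names throughout

@dataclass(frozen=True)
class Session:
    """Constructed stand-in for one access request seen by the policy server."""
    identity: str
    authenticated: bool               # outcome of the authentication policy
    groups: frozenset = frozenset()   # memberships from the identity source
    device_type: str = "unknown"      # label assigned by profiling
    posture: str = "unknown"          # compliant / noncompliant / unknown

@dataclass(frozen=True)
class Rule:
    name: str
    result: str
    condition: Callable[[Session], bool]

def authorize(session, rules):
    """Return (winning rule, access profile); first match wins, default is deny."""
    if not session.authenticated:
        return ("authentication-failed", DENY)
    for rule in rules:
        if rule.condition(session):
            return (rule.name, rule.result)
    return ("default", DENY)

def shadowed(rules, samples):
    """Rules that never win for any sample session: a sign of bad ordering."""
    winners = {authorize(s, rules)[0] for s in samples}
    return [r.name for r in rules if r.name not in winners]

QUARANTINE = Rule("quarantine-noncompliant", "Remediation-VLAN",
                  lambda s: s.device_type == "workstation" and s.posture != "compliant")
EMPLOYEES = Rule("employees", "Full-Access", lambda s: "Employees" in s.groups)
PRINTERS = Rule("printers", "Printer-VLAN", lambda s: s.device_type == "printer")

RULES = [QUARANTINE, EMPLOYEES, PRINTERS]       # posture check evaluated first
BAD_ORDER = [EMPLOYEES, QUARANTINE, PRINTERS]   # group rule masks the posture check

SAMPLES = [  # constructed sessions
    Session("alice", True, frozenset({"Employees"}), "workstation", "compliant"),
    Session("bob", True, frozenset({"Employees"}), "workstation", "noncompliant"),
    Session("prn-01", True, frozenset(), "printer"),
    Session("visitor", True, frozenset(), "phone"),
    Session("unknown-user", False),
]
```

With `BAD_ORDER`, `authorize(SAMPLES[1], BAD_ORDER)` grants the noncompliant workstation `Full-Access`, and `shadowed(BAD_ORDER, SAMPLES)` reports the posture rule as never winning; with `RULES` the same session lands in `Remediation-VLAN`.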

Step 6: Monitor and Manage

  1. Monitor Network Activity:
    • Use Monitoring > Live Monitoring > Access Tracker to monitor authentication and authorization requests in real time.
    • Review Reports to analyze network access trends and incidents.
  2. Manage Incidents:
    • Use the ClearPass Insight feature to view detailed information about connected devices and users.
    • Address policy violations and adjust policies as necessary.
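
One way to triage authentication records taken from the monitoring views in Step 6 of either product, as an added example that is not part of either product: it flags endpoints with a burst of failed authentications inside a time window and notes whether a success followed. The CSV layout and column names are hypothetical and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample; the column names are hypothetical, not a product export format.
SAMPLE = """\
timestamp,status,username,endpoint_mac,nas_ip,failure_reason
2024-05-01T09:00:00,FAIL,jdoe,AA:BB:CC:00:00:01,10.0.0.2,wrong password
2024-05-01T09:00:40,FAIL,asmith,AA:BB:CC:00:00:01,10.0.0.2,wrong password
2024-05-01T09:01:10,FAIL,admin,AA:BB:CC:00:00:01,10.0.0.2,unknown user
2024-05-01T09:02:00,FAIL,jdoe,AA:BB:CC:00:00:01,10.0.0.2,wrong password
2024-05-01T09:03:00,PASS,jdoe,AA:BB:CC:00:00:01,10.0.0.2,
2024-05-01T09:00:00,FAIL,bwong,AA:BB:CC:00:00:02,10.0.0.3,wrong password
2024-05-01T09:30:00,FAIL,bwong,AA:BB:CC:00:00:02,10.0.0.3,wrong password
2024-05-01T09:31:00,PASS,bwong,AA:BB:CC:00:00:02,10.0.0.3,
"""

def failure_bursts(text, threshold=3, window=timedelta(minutes=5)):
    """Map endpoint MAC -> summary for endpoints with at least `threshold`
    failed authentications inside `window`."""
    by_mac = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        by_mac[row["endpoint_mac"]].append((datetime.fromisoformat(row["timestamp"]), row))
    findings = {}
    for mac, events in by_mac.items():
        events.sort(key=lambda e: e[0])
        fails = [(t, r) for t, r in events if r["status"] == "FAIL"]
        for i in range(len(fails) - threshold + 1):
            # Failures that fall within the window starting at failure i
            burst = [f for f in fails[i:] if f[0] - fails[i][0] <= window]
            if len(burst) >= threshold:
                end = burst[-1][0]
                findings[mac] = {
                    "failures": len(burst),
                    "users": sorted({r["username"] for _, r in burst}),
                    # A later success from the same endpoint deserves a closer look
                    "then_passed": any(r["status"] == "PASS" and t > end for t, r in events),
                }
                break
    return findings
```

Several usernames failing from one endpoint followed by a pass is worth correlating with the endpoint's profile and posture before adjusting policy; two failures half an hour apart, as in the second endpoint, are not flagged.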

Summary

  • Cisco ISE: Focuses on centralized identity management, authentication, authorization, and profiling for secure network access.
  • Aruba ClearPass: Provides comprehensive network access control, policy management, and device profiling for a secure network environment.

Both Cisco ISE and Aruba ClearPass offer robust tools for securing network access and managing policies, ensuring that only authorized users and compliant devices can access network resources.
