Configure ISE Policy Set

LAB 5: Configure ISE Policy Set

Topology: 

Below is the topology provided to configure in lab 

Task: 

Perform below task as per above topology.

• Add network Devices (Switches, vWLC) to Network Device Group.
• Create the Policy set for Wired and Wireless Access
• Configure Authentication policy for Wired and Wireless Access Policy Set
• Configure Authorization Policy for Wired and Wireless Policy Set.
  • Configure dACL for Employee, Contractor, and Domain Computers
  • Configure Authentication Profile for Employee, Contractor, and Domain Computers
• Configure Global Exception Policy so that demo.local IT person can be able to audit the demo.local network.

Solution:

Go to ISE GUI, Navigate to Administration | Network Resources | Network Device Groups | Click ADD

Perform the activity as per given figure below and as per following task

Now we will define actual NAD that will be member of groups we just created

Administration | Network Resources | Network Devices | Click ADD

For Access Switch follow the below procedure to add Switch in NAD

Click Submit

Now we will validate the WLC and add this network device to Cisco ISE.

Login to WLC | Click WLAN | Verify the three WLANs Configured with its ID as shown in figure, it will be used for Employee, Guest and Hotspot users.

Click to Each WLAN and make its status Enabled and APPLY to Configuration.

Navigate to Security | AAA | RADIUS | Authentication, Verify that RADIUS server has been configured Uncheck the Management field and do same of Accounting , as shown in figure.

Now click to Wireless | and find you have your pod AP discovered.

Return the ISE portal, Navigate to

Administration | Network Resources | Network Devices | Click ADD | Click Submit

For vWLC follow the below procedure to add vWLC in NAD and Click Submit.

Define Policy Set:

In ISE GUI Navigate to Policy | Policy Set | Click the gear icon to right of Default policy set and chose insert a new row above.