Cisco ISE
Overview
Cisco ISE is something that I have worked on at multiple organisations. ISE is a very clever product that can simplify the management of user ports on a network. Essentially, it removes the traditional tie between a VLAN/user type and a physical switch port. ISE allows you to define a type of user based on their AD attributes. ISE can then push configuration to physical switchports based on those user attributes. This could be as simple as a VLAN, or something more complex, such as ACLs permitting different access based on username, or scanning a laptop to determine whether it has the correct software or Windows security updates.
In this project, I will create an ISE topology and build out different features in ISE as a demonstration of its capabilities. By no means will this be a comprehensive look at all the ISE features. Instead, it will concentrate on the core features that the majority of organisations will find useful and that I have seen in my previous experience.
The lab that I have used for this is a couple of years old. I created it in conjunction with Check Point to see traffic flows, VPNs and firewall rules. Most of this will concentrate on the lower half of the topology. However, as the project progresses, most of the network devices will be used.
