Cisco Cisco Identity Services Engine 2.1 Manual Técnica
Cisco Identity Service Engine 2.1
●
Cisco 3750X switch with IOS
®
Software Release 15.0(1)SE2
●
Microsoft Windows Server 2008 R2
●
Microsoft Window 7 Workstation
●
Background Information
EasyConnect feature information
EasyConnect provides port-based authentication similar to 802.1X, but easier to implement.
EasyConnect learns about the authentication from Active Directory and provides session-tracking
for active network sessions. Session Directory notifications can be published with PxGrid.
EasyConnect learns about the authentication from Active Directory and provides session-tracking
for active network sessions. Session Directory notifications can be published with PxGrid.
Both EasyConnect and 802.1x can be configured on the same port, but you must have a different
ISE policy for each service.
EasyConnect is supported in High Availabilty mode. It is recommended to have dedicated PSN for
WMI. Best practice is to have two PSN – one is active and the second is in standby.
ISE policy for each service.
EasyConnect is supported in High Availabilty mode. It is recommended to have dedicated PSN for
WMI. Best practice is to have two PSN – one is active and the second is in standby.
All of the PSNs receive the data from the DC but only one is set as the master and forward the
events to the MnT. The PSNs elect the active one and automatically handle the case of promoting
the standby in case of a failure. The process of electing PSN as primary by PassievID Managment
service is transparent.
events to the MnT. The PSNs elect the active one and automatically handle the case of promoting
the standby in case of a failure. The process of electing PSN as primary by PassievID Managment
service is transparent.
EasyConnect process flow
The switch is configured for MAB, which sends an Authentication request to PSN. PSN replies
with limited access, which allows the user authenticate with Active Directory. PSN authenticating
the client forwards the information about MAB auth, RADIUS accounting start and interim stop to
MNT. Primary PSN ( This might not be the Authenticating PSN. This is the PSN elected as primary
by PassiveId Management Service) forwards WMI Auth events to MnT. Once all the data is
with limited access, which allows the user authenticate with Active Directory. PSN authenticating
the client forwards the information about MAB auth, RADIUS accounting start and interim stop to
MNT. Primary PSN ( This might not be the Authenticating PSN. This is the PSN elected as primary
by PassiveId Management Service) forwards WMI Auth events to MnT. Once all the data is