Cisco Cisco 2504 Wireless Controller 문제 해결 가이드
Introduction
Cisco Identity Services Engine (ISE) is Ciscos next−generation policy server that provides authentication
and authorization infrastructure to the Cisco TrustSec solution. It also provides two other critical services:
and authorization infrastructure to the Cisco TrustSec solution. It also provides two other critical services:
The first service is to provide a way to profile endpoint device type automatically based on attributes
Cisco ISE receives from various information sources. This service (called Profiler) provides
equivalent functions to what Cisco has previously offered with the Cisco NAC Profiler appliance.
Cisco ISE receives from various information sources. This service (called Profiler) provides
equivalent functions to what Cisco has previously offered with the Cisco NAC Profiler appliance.
•
Another important service that Cisco ISE provides is to scan endpoint compliancy; for example,
AV/AS software installation and its definition file validity (known as Posture). Cisco has been
previously providing this exact posture function only with the Cisco NAC Appliance.
AV/AS software installation and its definition file validity (known as Posture). Cisco has been
previously providing this exact posture function only with the Cisco NAC Appliance.
•
Cisco ISE provides an equivalent level of functionality, and it is integrated with 802.1X authentication
mechanisms.
mechanisms.
Cisco ISE integrated with wireless LAN controllers (WLCs) can provide profiling mechanisms of mobile
devices such as Apple iDevices (iPhone, iPad, and iPod), Android−based smartphones, and others. For
802.1X users, Cisco ISE can provide the same level of services such as profiling and posture scanning. Guest
services on Cisco ISE can also be integrated with the Cisco WLC by redirecting web authentication requests
to Cisco ISE for authentication.
devices such as Apple iDevices (iPhone, iPad, and iPod), Android−based smartphones, and others. For
802.1X users, Cisco ISE can provide the same level of services such as profiling and posture scanning. Guest
services on Cisco ISE can also be integrated with the Cisco WLC by redirecting web authentication requests
to Cisco ISE for authentication.
This document introduces the wireless solution for Bring Your Own Device (BYOD), such as providing
differentiated access based on known endpoints and the user policy. This document does not provide the
complete solution of BYOD, but serves to demonstrate a simple use case of dynamic access. Other
configuration examples include using the ISE sponsor portal, where a privileged user can sponsor a guest for
provisioning wireless guest access.
differentiated access based on known endpoints and the user policy. This document does not provide the
complete solution of BYOD, but serves to demonstrate a simple use case of dynamic access. Other
configuration examples include using the ISE sponsor portal, where a privileged user can sponsor a guest for
provisioning wireless guest access.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
Cisco Wireless LAN Controller 2504 or 2106 with software version 7.2.103
•
Catalyst 3560 8 ports
•
WLC 2504
•
Identity Services Engine 1.0MR (VMware server image version)
•
Windows 2008 Server (VMware image) 512M, 20GB disk
Active Directory
♦
DNS
♦
DHCP
♦
Certificate Services
♦
•
Topology