![]() ![]() To review the plain text key value, click the Show button. Note the same shared secret key will be used again later when configuring the RADIUS server on the FireSIGHT MC. Enter the RADIUS shared secret key that will be used for this NAD. Check the box next to Authentication Settings.Click the orange arrow again and select the Network Device Group configured in the step above.This Device Type will be referenced in the authorization policy rule definition in a later step. In the example screenshot that follows, the Device Type Sourcefire has been configured. Click on the icon and select Create New Network Device Group. Under Network Device Group, click on the orange arrow next to All Device Types.Provide a descriptive name and device IP address. Click +Add to add a new Network Access Device (NAD). From the ISE GUI, navigate to Administration > Network Resources > Network Devices.Configuring Network Devices and Network Device Groups These av-pairs are then mapped to a local user group defined in the FMC system policy configuration. One or more authorization policies will be defined on ISE with ISE returning RADIUS attribute value pairs (av-pairs) to the FMC or Managed Device. Note that the authorization configuration is a two step process. The sample configuration is a point of reference and can be adapted to suit the needs of the specific deployment. The example below is one way to configure the intregration. ![]() Tip: There are multiple ways to configure ISE authentication and authorization policies to support integration with Network Access Devices (NAD) such as Sourcefire. If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. The information in this document is based on these software and hardware versions: Configuring authentication and authorization policies on ISE.FireSIGHT System and Managed Device initial configuration via GUI and/or shell.Prerequisites RequirementsĬisco recommends that you have knowledge of these topics: This document describes the configuration steps required to integrate a Cisco FireSIGHT Management Center (FMC) or Firepower Managed Device with Cisco Identity Services Engine (ISE) for Remote Authentication Dial In User Service (RADIUS) user authentication. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |