ZNDP 032 – Cisco ISE Client Authentication Design with Andy Richter

Today’s show is all about Cisco ISE Client Authentication Design with Guest Expert Andy Richter, who is a Security Practice Manager and Distinguished Engineer at Presidio. This episode is a follow up episode from ZNDP # 29 – Cisco ISE Authentication Design!  In this episode we are focusing on the Client Authentication piece of the puzzle.  Andy and I talk about Supplicants, PEAP, EAP-TLS, EAP-Chaining, AnyConnect NAM, and much more! So much Tech in this episode so lets get to it!

 


Cisco ISE Client Authentication – Methodologies Overview

  • Discussion of general supplicant capabilities and limitations
  • Password vs certificate inner methods
  • Go over TLS tunnel for outer security – Preventing rogue WLANs
  • Server certificate trust design – Wildcard Certs and SAN Certs
  • User vs Machine

Cisco ISE Client Authentication – Supplicants

Windows Native 

  • GPO
  • PEAP
  • EAP-TTLS
  • EAP-TLS
  • Prevent Guest access

Anyconnect NAM

  • MIX methods
  • EAP-Chaining – EAP-fast overview
  • Corp SSID
  • Wired Switching

Mac OSX

  • MDM/JAMF provisioned 
  • PEAP
  • TLS

Term of the Show:

  • What is a Supplicant?

Guest Expert: Andy Richter

Today we welcome back my good friend Andy Richter as our guest Expert! Andy is a Full-on Cisco ISE Expert, he has written one of the best Cisco ISE Books that I still personally use as a reference today.  He is actually the reason I learned ISE in the first place and he personally taught me some of the basics of ISE day one. He currently is a Distinguished Engineer and Security Practice Manager at Presidio!

How to engage with Andy further:

Practical Deployment Identity Services Engine



Call to Action:

  • What topics would you like us to spotlight on our next Design episode?

 


Mentoring and Coaching with Zig:

Through your participation in a healthy mentoring and coaching relationship, you will benefit greatly from the education, the experiences, the influences, leadership and even the resources provided. Learn how you can accomplish more, in one year, than you could accomplish in your career…in your business…and in your life.

Accomplish More Now!!


Ask Zig:

Ask Zig episodes feature answers to the questions that you provide. Yes You! The questions can be technical, business, certification, or personal related.  I can help out in all of these areas and much more.  If you would like your question spotlighted and answered on the next #AskZig episode submit them now!

Submit Your #AskZig Question Now!!


Provide Feedback


Engage with Zigbits further:


Engage with me further:

 


Transparency:

This post may contain affiliate links to products or services were I may receive a level of compensation from your actions by following those links. This is seamless to you and does not add any additional cost to the products or services in question. In addition, I do not let any affiliate relationship cloud my judgement or my recommendation of a product or service. My recommendations will always be above reproach.  This is my commitment to you Ziglets!