The Identity Services Engine has 4 entities (nodes): the administration node (Policy Administration Node), the policy service node (Policy Service Node), the monitoring node (Monitoring Node) and the PxGrid node (PxGrid Node). Cisco ISE can be installed in a standalone or a distributed configuration. In the Standalone version, all entities reside on a single virtual machine or physical server (Secure Network Servers - SNS), while in the Distributed version the nodes are spread across different devices.
The Policy Administration Node (PAN) is a required node that lets you perform all administrative operations on Cisco ISE. It holds all system configurations related to AAA. In a distributed configuration (nodes can be installed as separate virtual machines), you can have a maximum of two PANs for fault tolerance - Active / Standby mode.
The Policy Service Node (PSN) is a required node that provides network access, posture, guest access, client provisioning services, and profiling. The PSN evaluates the policy and applies it. Typically, several PSNs are installed, especially in a distributed configuration, for more redundancy and distributed operation. Naturally, these nodes are placed in different segments so that the ability to provide authentication and authorization is not lost even for a moment.
The Monitoring Node (MnT) is a required node that stores event logs, the logs of other nodes, and the policies on the network. The MnT node provides advanced tools for monitoring and troubleshooting, collects and correlates various data, and also provides meaningful reports. Cisco ISE allows you to have a maximum of two MnT nodes, thereby creating fault tolerance - Active / Standby mode. However, logs are collected by both nodes, the active and the passive one.
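As an added example (not from the original article and not Cisco tooling), the node rules described above can be checked against a planned deployment before anything is installed. The plan format, hostnames and segment names are assumptions made for illustration.

```python
from collections import Counter

REQUIRED = ("PAN", "PSN", "MnT")   # personas the article describes as required
MAX_NODES = {"PAN": 2, "MnT": 2}   # Active/Standby pairs, per the article

# Constructed sample plan: hostnames and segment names are made up.
SAMPLE_PLAN = [
    {"host": "ise-adm-1", "segment": "dc-a", "personas": {"PAN", "MnT"}},
    {"host": "ise-adm-2", "segment": "dc-b", "personas": {"PAN", "MnT"}},
    {"host": "ise-adm-3", "segment": "dc-b", "personas": {"PAN"}},
    {"host": "ise-psn-1", "segment": "dc-a", "personas": {"PSN"}},
    {"host": "ise-psn-2", "segment": "dc-a", "personas": {"PSN", "PxGrid"}},
]


def review_plan(nodes):
    """Return a list of findings for a planned ISE deployment."""
    findings = []
    counts = Counter(p for n in nodes for p in n["personas"])

    for persona in REQUIRED:
        if counts[persona] == 0:
            findings.append(f"missing required persona: {persona}")

    for persona, limit in MAX_NODES.items():
        if counts[persona] > limit:
            findings.append(
                f"{persona}: {counts[persona]} nodes planned, maximum is {limit}")

    # A single node is a standalone install; redundancy checks only make
    # sense for a distributed plan.
    if len(nodes) > 1:
        for persona in MAX_NODES:
            if counts[persona] == 1:
                findings.append(f"{persona}: no standby node")
        psn_segments = {n["segment"] for n in nodes if "PSN" in n["personas"]}
        if counts["PSN"] >= 1 and len(psn_segments) < 2:
            findings.append(
                "PSN: all nodes in one segment; authentication stops if it is lost")
    return findings


if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN):
        print(finding)
```
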
pilot project - contact an authorized partner to run a free trial.
1) After creating the virtual machine, if you requested an ISO file and not an OVA template, a window will appear in which ISE asks you to select the installation. To do this, instead of your login and password, you must type "setup"!
Note: If you deployed ISE from an OVA template, the login credentials are admin/MyIseYPass2 (this and much more is described in the official guide).
Figure 2. Installing Cisco ISE
2) Then fill in the required fields such as IP address, DNS, NTP and others.
Figure 3. Initializing Cisco ISE
3) After that, the device will reboot, and you can connect through the web interface using the IP address set earlier.
Figure 4. Cisco ISE Web Interface
4) In the tab Administration > System > Deployment you can select which nodes (entities) are enabled on a particular device. The PxGrid node is enabled here.
Figure 5. Cisco ISE Entity Management
5) Then, in the tab Administration > System > Admin Access > Authentication, I recommend configuring the password policy, the authentication method (certificate or password), the account expiration date, and other settings.
Figure 6. Authentication type setting
Figure 7. Password policy settings
Figure 8. Configuring account shutdown after the time period expires
Figure 9. Configuring account lockout
6) In the tab Administration > System > Admin Access > Administrators > Admin Users > Add you can create a new administrator.
Figure 10. Creating a local Cisco ISE Administrator
7) The new administrator can be made part of a new group or of the already predefined groups. Administrator groups are managed in the same panel, in the Admin Groups tab. Table 2 summarizes information about ISE administrators, their rights and roles.
Table 2. Cisco ISE Administrator Groups, Access Levels, Permissions, and Restrictions
Figure 11. Predefined Cisco ISE Administrator Groups
8) Additionally, in the tab Authorization > Permissions > RBAC Policy you can edit the rights of the predefined administrators.
Figure 12. Cisco ISE Administrator Preset Profile Rights Management
9) In the tab Administration > System > Settings all system settings are available (DNS, NTP, SMTP and others). You can fill them in here if you missed them during the initial device initialization.
5. Conclusion
This concludes the first article. We discussed the effectiveness of the Cisco ISE NAC solution, its architecture, the minimum requirements and deployment options, and the initial installation.
In the next article, we will look at creating accounts, integrating with Microsoft Active Directory, and setting up guest access.
If you have questions on this topic or need help testing the product, please contact us via the link.