CCNP Security SISAS 300-208 Official Cert Guide by Woland Aaron & Redmon Kevin
Author:Woland, Aaron & Redmon, Kevin
Language: eng
Format: epub
Publisher: Cisco Press
Published: 2015-04-26T16:00:00+00:00
Figure 14-45 WLC Endpoint Status—Internet_Only.
Now that we have validated the connection from the standpoint of the WLC, we can take a look at ISE, highlighting the communications that are sent between the WLC and ISE and the return traffic. When we look at the ISE authentication details for the initial WebAuth authorization, and the final Internet_Only authorization, we will need to ensure that all authorization conditions are met from the WLC and that the ISE pushes the correct information back to the WLC in both cases.
4. ISE gets the initial authentication request and sends the WLC the CWA authorization profile and SGA policy GUEST—When the endpoint first joins the WLC, the WLC will send a MAB request to ISE. For the endpoint to hit the WebAuth policy, the WLC must meet the conditions of Wireless_MAB (or Wired_MAB, but we know that this endpoint is wireless). This initial authentication request should result in the following communications:
From WLC to ISE—Looking at the authentication details for the endpoint in question (the magnifying glass in the Details column of the Authentication Live Log), there are a number of sections in the output. For the communication from the NAD, you will need to look at the Overview and Authentication Details section of the output (see Figure 14-46).
Authorization Profile—The Overview shows the condensed version of the authorization output. Looking at the authorization profile, you will see CWA and GUEST. These are the authorization profile and SGA policy you should be seeing.
AuthorizationPolicyMatchedRule—This variable tells us the name of the authorization rule we hit. In the case of a guest authenticating to the network, the rule we should hit is indeed WebAuth.
Endpoint ID—When looking at the authentication details for a particular endpoint, ensure that you are looking at the MAC address of the correct endpoint.
Authentication Method—The Authentication method as seen on the authentication details should be MAB.
Service Type—The service type for a MAB connection from a Cisco WLC should be Call Check.
NAS Port Type—The NAS port type for a wireless connection should be Wireless—IEEE 802.11.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7787)
Grails in Action by Glen Smith Peter Ledbrook(7704)
Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 by Chris Gill(6613)
Azure Containers Explained by Wesley Haakman & Richard Hooper(6601)
Running Windows Containers on AWS by Marcio Morales(6129)
Kotlin in Action by Dmitry Jemerov(5073)
Microsoft 365 Identity and Services Exam Guide MS-100 by Aaron Guilmette(4941)
Combating Crime on the Dark Web by Nearchos Nearchou(4522)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4421)
Microsoft Cybersecurity Architect Exam Ref SC-100 by Dwayne Natwick(4381)
The Ruby Workshop by Akshat Paul Peter Philips Dániel Szabó and Cheyne Wallace(4192)
The Age of Surveillance Capitalism by Shoshana Zuboff(3961)
Python for Security and Networking - Third Edition by José Manuel Ortega(3764)
Learn Windows PowerShell in a Month of Lunches by Don Jones(3513)
The Ultimate Docker Container Book by Schenker Gabriel N.;(3429)
Mastering Python for Networking and Security by José Manuel Ortega(3348)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3337)
Blockchain Basics by Daniel Drescher(3305)
Learn Wireshark by Lisa Bock(3305)
