© 2013 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public
Joining Audio Broadcast
1. Audio Broadcast window should automatically pop up; Audio will be streamed through your computer speakers
2. If Audio Broadcast window does not appear, go to Communicate menu and select Audio Broadcast
3. You will hear hold music until the event begins
4. If you are unable to hear via your PC speakers, click the Phone button to request dial-in instructions
Submit Questions
1. Click on the Q&A arrow to expand the Q&A panel
2. Type your question
   – Technical Assistance: send to Host
   – Content Questions: send to All Panelists
3. Click the Send button
Thank You for Joining Us Today
Download a copy of today’s slides using the link in the chat.
Today’s webcast will be available on-demand within 48 hours.
© 2014 Cisco and/or its affiliates. All rights reserved. Session ID CP-1002 Cisco Public
Your Presenter
Brandon Carroll
The ABC’s Of Identity Management
Session ID CP-1002
Brandon Carroll, CCIE #23837
AAA Identity Management Security
Introduction
Overview of Identity Management
TACACS+
RADIUS
802.1X
AAA
AAA is a Framework
Authentication
§ Who are you?
§ Can be based on:
  – Something you have
  – Something you know
  – Something you are
§ Without identifying who you are, how can I determine what your privileges should be?
§ Providing Authentication Information = Keys to the lock
Authorization
§ What can you do?
  – Can you access privilege exec on a router?
  – Can you surf the Internet?
  – Can you access VLAN100?
  – Do you need to be postured?
§ The bigger chunk of what we do.
  – Most of the policy is here.
Accounting
§ A Paper Trail
  – Good to know what went on.
  – We can then go back and analyze.
A Question Arises…
Where’s all this information stored?
Local vs. Remote
Local is limited… However, offloading the control gives us much more capability.
Two External Protocols and Two External Servers
§ TACACS+
§ RADIUS
§ Cisco Secure Access Control Server
§ Cisco Identity Services Engine
TACACS+
§ Terminal Access Controller Access-Control System Plus
§ Separate Authentication, Authorization & Accounting services
§ TCP port 49
§ Encrypts the body of the packet for secure communications
RADIUS
§ Remote Authentication Dial In User Service
§ Developed by Livingston Enterprises, Inc. in 1991
§ Uses UDP
  – Port 1645 (legacy) and 1812 for Authentication and Authorization
  – Port 1646 (legacy) and 1813 for Accounting
§ Three responses from a RADIUS Server to a Network Access Device (NAD)
  – Access Reject
  – Access Challenge
  – Access Accept
§ Authorization values also sent to NAD (dACL, VLAN, SGT, etc.)
  – Attribute Value Pairs (AVP) carry data in both the request and the response for the authentication, authorization, and accounting transactions.
  – Vendors can create their own Vendor-specific attributes
§ Uses a Shared-secret to obfuscate the passwords it passes.
§ Used for 802.1X authentication
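The shared-secret password obfuscation and AVP layout from the RADIUS slide, as an added example that is not part of the original presentation: it implements the RFC 2865 User-Password hiding and a minimal AVP parser, showing that only the password attribute is hidden while User-Name travels in the clear. The shared secret, authenticator, credentials and the helper names are constructed for illustration.

```python
import hashlib
import struct
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
USER_NAME, USER_PASSWORD = 1, 2  # attribute type numbers from RFC 2865

def _xor_md5(block, secret, prev):  # one 16-byte block XOR MD5(secret + prev)
    return bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: null-pad to 16-byte blocks, chain the XOR pads."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password.ljust((len(password) + 15) // 16 * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor_md5(padded[i:i + 16], secret, prev)
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Reversal by the server, or by anyone who holds the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor_md5(hidden[i:i + 16], secret, prev)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_packet(code, ident, authenticator, avps):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in avps)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(data):
    """Return (code name, identifier, authenticator, [(type, value), ...])."""
    if len(data) < 20 or not 20 <= int.from_bytes(data[2:4], "big") <= len(data):
        raise ValueError("bad RADIUS header or length field")
    code, ident, length = struct.unpack("!BBH", data[:4])
    avps, pos = [], 20
    while pos < length:
        if pos + 2 > length or data[pos + 1] < 2 or pos + data[pos + 1] > length:
            raise ValueError("malformed AVP")
        avps.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return CODES.get(code, "Unknown"), ident, data[4:20], avps

def demo_request():
    """Constructed Access-Request; secret, authenticator, credentials are sample values."""
    secret, auth = b"constructed-shared-secret", bytes(range(16))
    hidden = hide_password(b"s3cret-pass", secret, auth)
    return build_packet(1, 7, auth, [(USER_NAME, b"alice"), (USER_PASSWORD, hidden)])
```

Because the pad depends only on the shared secret and the cleartext Request Authenticator, the strength of the secret is the only protection for the password on the wire.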
802.1X
§ IEEE standard for Port-based Access Control
§ Mechanism for authentication of devices connecting to a LAN or WLAN
§ Encapsulates Extensible Authentication Protocol (EAP) over IEEE 802 (EAPOL)
Identity Management for End Users
802.1X Elements
The Role of Cisco ISE
Authentication Server
The Role of Cisco Switches
Network Access Device
The Role of Wireless LAN Controllers
§ Also act as a NAD
§ Talks to clients using 802.1X
§ Talks to Cisco ISE using RADIUS
§ Applies policy as directed by Cisco ISE
Simple Configuration of 802.1x with Cisco ISE
Demo (As Time Permits)
Identity Management for Administrative Access
TACACS+
§ More commonly used for administrative authentications
§ Enables Command Authorization Capability
§ Works with CSACS
§ Currently not supported in Cisco ISE 1.2
TCP / 49
Separate Authentication, Authorization, and Accounting processes
Encrypts the entire packet
Cisco Secure ACS
Add Network Devices
Create Identity Group
Define User & Associate To Group
The Role of Cisco IOS Routers & Switches Using Command Authorization
Thank You for Joining Us Today
Download a copy of today’s slides using the link in the chat.
Today’s webcast will be available on-demand within 48 hours.
Please complete the survey after closing the WebEx event.