joining audio broadcast - typepad · presentation_id © 2013 cisco and/or its affiliates. all...


Post on 02-Jun-2020



© 2013 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Joining Audio Broadcast


1.  Audio Broadcast window should automatically pop up; Audio will be streamed through your computer speakers

2.  If Audio Broadcast window does not appear, go to Communicate menu and select Audio Broadcast

3.  You will hear hold music until the event begins

4.  If you are unable to hear via your PC speakers, click the Phone button to request dial-in instructions


Submit Questions


1.  Click on the Q&A arrow to expand the Q&A panel

2.  Type your question
    –  Technical Assistance – send to Host
    –  Content Questions – send to All Panelists

3.  Click the Send button


Thank You for Joining Us Today


Download a copy of today’s slides using the link in the chat.

Today’s webcast will be available on-demand within 48hrs.


© 2014 Cisco and/or its affiliates. All rights reserved. Session ID CP-1002 Cisco Public

Your Presenter


Brandon Carroll


The ABC’s Of Identity Management Session ID CP-1002

Brandon Carroll, CCIE #23837


AAA Identity Management Security


Introduction


Overview of Identity Management


TACACS+ RADIUS

802.1X


AAA


AAA is a Framework


Authentication

§ Who are you?

§ Can be based on:
   –  Something you have
   –  Something you know
   –  Something you are

§ Without identifying who you are, how can I determine what your privileges should be?

§  Providing Authentication Information = Keys to the lock


Authorization


§ What can you do?
   –  Can you access privilege exec on a router?
   –  Can you surf the Internet?
   –  Can you access VLAN100?
   –  Do you need to be postured?

§ The bigger chunk of what we do.
   –  Most of the policy is here.


Accounting

§ A Paper Trail
   –  Good to know what went on.
   –  We can then go back and analyze


A Question Arises…


Where’s all this information stored?


Local vs. Remote


Local is limited…

However,

Offloading the control gives us much more capability


Two External Protocols and Two External Servers

§ TACACS+

§ RADIUS

§ Cisco Secure Access Control Server

§ Cisco Identity Services Engine


TACACS+


§ Terminal Access Controller Access-Control System Plus
§ Separate Authentication, Authorization & Accounting services
§ TCP port 49
§ Encrypts the body of the packet for secure communications


RADIUS


§ Remote Authentication Dial In User Service
§ Developed by Livingston Enterprises, Inc. in 1991
§ Uses UDP
   –  Port 1645 (legacy) and 1812 for Authentication and Authorization
   –  Port 1646 (legacy) and 1813 for Accounting

§ Three responses from a RADIUS Server to a Network Access Device (NAD)
   –  Access Reject
   –  Access Challenge
   –  Access Accept

§ Authorization values also sent to NAD (dACL, VLAN, SGT, etc.)
   –  Attribute Value Pairs (AVP) carry data in both the request and the response for the authentication, authorization, and accounting transactions.
   –  Vendors can create their own Vendor-specific attributes

§ Uses a Shared-secret to obfuscate the passwords it passes.
§ Used for 802.1X authentication


802.1X


§  IEEE standard for Port-based Access Control

§ Mechanism for authentication of devices connecting to a LAN or WLAN

§  Encapsulates Extensible Authentication Protocol (EAP) over IEEE 802 (EAPOL)


Identity Management for End Users


802.1X Elements


802.1X Elements


The Role of Cisco ISE


Authentication Server


The Role of Cisco Switches


Network Access Device


The Role of Wireless LAN Controllers


§ Also act as a NAD
§ Talks to clients using 802.1X
§ Talks to Cisco ISE using RADIUS
§ Applies policy as directed by Cisco ISE


Simple Configuration of 802.1x with Cisco ISE


Demo (As Time Permits)


Identity Management for Administrative Access


TACACS+


§ More commonly used for administrative authentications
§ Enables Command Authorization Capability
§ Works with CSACS
§ Currently not supported in Cisco ISE 1.2

TCP / 49

Separate Authentication, Authorization, and Accounting processes

Encrypts the entire packet


Cisco Secure ACS


Add Network Devices

Create Identity Group

Define User & Associate To Group


The Role of Cisco IOS Routers & Switches

Using Command Authorization


Thank You for Joining Us Today


Download a copy of today’s slides using the link in the chat.

Today’s webcast will be available on-demand within 48hrs.

Please complete the survey after closing the WebEx event.
