Cisco ISE 802.1X Foundation Deployment
Cisco’s Identity Services Engine Delivered by Crossconnect
Cisco’s Wired 802.1X Solution – Identity Services Engine (ISE)
Wired 802.1X is an increasingly required security control in modern networks. Wired 802.1X puts a digital lock on the front door of our networks. Guests, employees or attackers need to be prevented from plugging unauthorized computers and other devices into the network. Any unauthorized device can be a source of malicious software or traffic on the network, leading to a serious security incident.
The Need for Port Security
802.1X was first released as a standard by IEEE in 2001. It was expected to be adopted quickly because it closed an obvious security hole: anyone with access to a building with an Ethernet switch could often get full access to the network. Twenty years have passed and many organizations have still not implemented this foundational security control. The reason is that, although the problem is obvious, the solution is multi-faceted and complex.
Complex Deployments Led to Mistrust
The deployment of 802.1X requires changes in the computer operating system, the switches in the network, and in Authentication, Authorization, and Accounting (AAA) systems. Computer operating systems must be configured with 802.1X settings and often have certificates installed for authentication. Different operating systems (Windows, Mac, Linux) implement 802.1X in different ways and with different behaviors.
On switches, 802.1X, RADIUS, and the behavior for different failure scenarios must be configured. Vendors often take their own spin on 802.1X, both at the switch level and in the operating system, adding complexity. This technical complexity made early deployments of 802.1X fraught with outages. The risk of outage created distrust of 802.1X.
Both the products and engineers now have the decades of experience needed to make 802.1X deployments both successful in modern networks and less impactful to users. Vendors of computer operating systems, switches, and AAA systems have matured their solutions. Engineers now implement phased 802.1X deployments that minimize impact on users.
Seasoned Experts
Crossconnect has been deploying 802.1X with Cisco Identity Services Engine (ISE) since the product was released. Crossconnect is highly experienced with its design, deployment, and maintenance and is ready to assist with any Cisco ISE or 802.1X project.
Start the Journey
The Crossconnect 802.1X Foundation Deployment is ideal for organizations to start adopting wired 802.1X security and to be ready to expand network security controls in the future.
Service Deliverables:
The focus of the Foundational Deployment service is to adopt Wired 802.1X on a wired network with industry best practices for one site and five user switches. 802.1X is best adopted in a ‘slow and steady’ fashion, and starting with a small set of devices is recommended.
One Site, Five User Switches up to 48 Ports Each (Recommended adoption size, but expandable options below)
Installation of two Cisco ISE servers running PAN, MNT, and PSN personas
Multi-phased installation (open mode, low-impact mode) to ensure minimal user impact
EAP-TLS Certificate Authentication
Computer Authentication – Assures only organizationally-owned devices are allowed on the network
Setup of two AAA servers for redundancy
Pricing
$26,400 / one-time charge
Additional ISE Node: $2,000
Additional five 48 Port User Switches: $8,000
Create MS Certificate Authority Server (if needed): $3,300
Wireless – one SSID w/EAP-TLS Authentication: $9,240
Initial configuration of TACACS and 5x Switches: $3,960
Configure 5x additional switches for TACACS: $1,320
Wired Guest Portals: Consult Sales
EAP-TEAP (User Authentication): Consult Sales
Downloadable ACLs (East/West segmentation): Consult Sales