Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
466
Views
0
Helpful
1
Replies

ISE 2.2 3850 Switch configuration current best practice

Leroy Plock
Level 1
Level 1

‎07-18-2018 08:38 AM - edited ‎02-21-2020 11:01 AM

Hi. I will soon be implementing wired NAC using ISE 2.2 patch 7 and 3850 edge switches. I've done this before but it's been several years. Rather than just repeating what I did previously I would like to follow what is currently considered best practice. Some things to consider are the best ways to:

1 Configure radius servers and groups, including timeouts for declaring them dead.

2. Fail-open interface and global configuration

3. Interface templates for dot1x config vs. putting the commands directly in the interface config

4. Pre-auth ACLs?

5. Should authorization profiles be service-templates?

6. device tracking config

etc.

Can anyone point me towards some good documentation for current best practices?

Thank you.

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎07-18-2018 10:58 AM

Hi,

This new cisco doc regarding Deploying ISE for Wired Access is a good start.

This link has a detail list of useful links regaring ISE

 

HTH

0 Helpful
Customers Also Viewed These Support Documents