
Centralized Web Authentication (With COA)

Date post: 26-Jan-2021
  • Centralized Web Authentication (With COA)

    Platform: https://racks.uninets.com

    Lab Name: CCNP Security SISAS

    Topology


  • TASK

    • Access the ISE GUI (from the management PC, browse to https://192.168.1.21)

    • Access the user PC (RDP from the management PC to 192.168.1.81)

    • Access the physical switch (telnet from the management PC to 192.168.1.253)

    Explanation

    Centralized web authentication needs two DHCP pools: one used before portal authentication and another used after portal authentication, or COA. We need to create one DHCP pool for VLAN 10 on the physical switch; the other DHCP pool is already configured. We also need to create an SVI on the switch for DHCP and assign any random port to VLAN 10, otherwise the SVI will not come up.

    After COA, IP renewal is necessary: go to the command prompt of the user PC and type ipconfig /release, then ipconfig /renew. If you have the Java applet, the IP renewal is done automatically.

    NOTE: we are assuming the student has basic knowledge of CWA and COA to do this practical.

    Configure CWA according to the mentioned topology. Create an authentication rule that bypasses authentication if the user is not found in the identity source sequence. Before web authentication, the user should be authorized with a restricted VLAN of 10, an IP address in network 10.1.2.0/24, a dACL named CWA-phase1 (which permits HTTP, HTTPS, DNS, DHCP and a TCP connection to ISE on port 8443) and a redirect URL. After web authentication, the user should be authorized with a VLAN of 192 and a dACL named CWA-phase2 (which permits HTTP, HTTPS, DNS and DHCP).

    Use the self-registration portal.
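
The CWA-phase1 dACL described above can be checked offline before it is entered in ISE. The following is an added example, not part of the original lab: the ACL entries, the client address 10.1.2.10 and the helper names are assumptions constructed from the description, and the evaluator handles only `any`, `host` and `eq`.

```python
# Added example; the ACL text is constructed from the lab description.
ISE = "192.168.1.21"        # ISE address used in the lab
CLIENT = "10.1.2.10"        # constructed host in the restricted 10.1.2.0/24 range
PORTS = {"bootps": 67, "bootpc": 68, "domain": 53}

CWA_PHASE1 = """\
permit udp any eq bootpc any eq bootps
permit udp any any eq domain
permit tcp any any eq 80
permit tcp any any eq 443
permit tcp any host 192.168.1.21 eq 8443
"""

def _endpoint(tok):
    """Consume 'any' or 'host A', plus an optional 'eq PORT'."""
    addr = tok.pop(0)
    if addr == "host":
        addr = tok.pop(0)
    port = None
    if tok and tok[0] == "eq":
        port = PORTS.get(tok[1]) or int(tok[1])
        del tok[:2]
    return addr, port

def parse(acl_text):
    """Turn ACL text into (action, proto, src, sport, dst, dport) tuples."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if tok and tok[0] in ("permit", "deny"):
            action, proto = tok.pop(0), tok.pop(0)
            rules.append((action, proto, *_endpoint(tok), *_endpoint(tok)))
    return rules

def evaluate(rules, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, r_proto, r_src, r_sport, r_dst, r_dport in rules:
        if (r_proto in ("ip", proto) and r_src in ("any", src)
                and r_dst in ("any", dst) and r_sport in (None, sport)
                and r_dport in (None, dport)):
            return action
    return "deny"

def check_phase1():
    flows = {"dhcp": ("udp", "0.0.0.0", 68, "255.255.255.255", 67),
             "portal": ("tcp", CLIENT, 50000, ISE, 8443),
             "ise_ssh": ("tcp", CLIENT, 50001, ISE, 22)}
    rules = parse(CWA_PHASE1)
    return {name: evaluate(rules, *flow) for name, flow in flows.items()}
```

`check_phase1()` reports that DHCP and the portal connection are permitted, while SSH to ISE falls through to the implicit deny.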

    Configuration

    We will configure the following tasks in order:

    ISE configuration

    NAD configuration

    Verification from the user PC

    ISE configuration

    Open the ISE GUI at https://192.168.1.21

    Add our network device (NAD):

    Administration>>network device>>add

  • Now we will configure our portal settings: work centers>>guest access>>portals and components

  • Next we will create our dACLs, CWA-PHASE1 and CWA-PHASE2: Policy>>result>>authorization>>downloadable acl>>add

  • Next we will create our authorization profile: policy>>results>>authorization>>authorization profile>>add

  • Next we will create our next authorization profile, CWA_PHASE2

  • Next we will create our authentication rule: policy>>default policy sets>>authentication policy>>add

  • Next we will create our authorization profile: policy>>default policy sets>>authorization policy>>add

  • Next we will configure the next item in our order: configuration of the switch, or NAD

  • Next we will verify our configuration from the user PC. Send any HTTPS traffic and a portal will appear. On sign-on we will get a user name and password; type the user name and password, and then our VLAN and IP address will change. If the IP address does not change, change it manually (as mentioned in the Explanation part).

