Activation - DUO/Zero Trust - Network Access Control – Cisco Activation as a Service

Onboarding

Steps:

Step 1: Familiarize yourself with available Network Access Control (NAC) content
- Task 1: Leverage the Network Access Control (NAC) Cisco Community page and resources page
- Community
Step 2: Complete Smart Account setup
- Task 2: Set up Cisco Connection Online (CCO) ID and log in to Cisco Software Central
- Register
- Log In
- Task 3: Set up a Smart Account (SA) and Virtual Account (VA)
- Log In
- Task 4: Add all applicable SA and VA user roles in the Smart Account with required privileges
- Log In
Step 3: Validate Identity Services Engine (ISE) licenses
- Task 5: Install Identity Services Engine (ISE)
- Link
- Task 6: Validate the ISE licenses in your Smart Account
- Link
Step 4: Enable Telemetry
- Task 7: Enable ISE Telemetry
- Link
Step 5: Evaluate your security requirements
- Task 8: Evaluate the security needs in your environment
- Link
Step 6: Review compatibility and installation guides
- Task 9: Plan to review the installation and compatibility guides
- Installation Guide
- Compatibility Guide

Implement

Steps

Step 1: Perform post installation tasks
- Task 1: Review ISE performance and scale guide to determine the size of deployment needed
- Link
- Task 2: Review port reference guide and open the required firewall ports for features that will be in use
- Link
- Task 3: Review ISE Security Settings and disable the weak ciphers that are not in use. Then import certification authority (CA) signed certificates if needed
- Link
- Task 4: Create Command Live Line (CLI) and Web Administration with required roles and monitor ISE Alarms
- Link
Step 2: Configure scheduled backups and purge policies
- Task 5: Configure repository for scheduled backups and then schedule configuration and operational backups
- Link
- Task 6: Review and configure operational data purge settings as required
- Link
Step 3: Validate ISE is not on evaluation licenses
- Task 7: Ensure ISE is registered to a Smart Account
- Link
Step 4: Set up an ISE deployment successfully
- Task 8: Create an ISE deployment
- Link

Use

Steps

Step 1: Set up an ISE deployment successfully
- Task 1: Run the ISE endpoints and users
- Link
- Task 2: Utilize the diagnostic tools in ISE for help with authentication troubleshooting
- Link
- Task 3: Get familiarized with Context Visibility
- Link
Step 2: Create ISE policy sets
- Task 4: Create ISE policy sets for wired, wireless, VPN network access, and guest access
- Watch Video
Step 3: Ensure that network access is functioning successfully
- Task 5: Update policy conditions and results
- Link

Engage

Steps

Step 1: Validate your deployment against any critical errors
- Task 1: Review the alarms dashlet on the homepage
- Link
- Task 2: Run the ISE on-demand Health Check
- Link
Step 2: Scale your network access
- Task 3: Ensure that the minimum number of deployed licenses aligns with the size of the deployment
- Licensing Guide
- Release Notes

Adopt

Steps

Step 1: Familiarize yourself with common system maintenance tasks
- Task 1: Review the maintain and monitor section of the ISE administrator guide and implement as necessary
- Link
Step 2: Scale your network access
- Task 2: Ensure that the minimum number of deployed licenses aligns with the size of the deployment
- Licensing Guide
- Release Notes
Step 3: Identify and enable the ISE nodes to be used for device administration with TACACS+
- Task 3: Ensure smart account has adequate device administration licenses
- Link
- Watch Video
- Task 4: Learn about guest types, explore and build guest portals, and create policy sets for guest access
- Link
- Video Part 1
- Video Part 2
Step 4: Validate failover
- Task 5: Validate failover and high availability for the different ISE personas
- Link
Step 5: Leverage ISE Reports
- Task 6: Explore device administration and guest reports to ensure that access and authorization are working as intended. Plan to update policies as needed.
- Link

Related articles