Cisco ISE, WLC and Umbrella Tripartite Pact

Wireless Controller (WLC) integration with Cisco ISE for access control through 802.1X is one of the most popular deployments in the network security field. But is the employee PC safe after authentication and authorization, even after the posture operation?

The answer is NO. The Internet contains many threats that can destroy your network. Cisco ISE allows Internet connectivity for employees, or even guest users, but BASTA. It cannot guarantee security against the threats that come from the Internet.

To extend your security, you can integrate Cisco Umbrella with WLC and Cisco ISE.

The idea behind this tripartite pact integration is like the Berlin Pact! Cisco ISE authenticates and authorizes the employees, and it also tells the WLC which role the user should be assigned. This role is an AVP attribute called "Role" that you assign to an authorization profile: you create an Authorization Profile with the AVP Role for each AD user group.

Now the users are assigned a role based on their AD credentials. Once the Authorization Policies based on the Role condition are ready, you can configure a Local Policy on the WLC for each role and tie the Cisco Umbrella profile to it.

Now, how do you handle these AD groups on Cisco Umbrella to control which Categories the AD group users can use?

When you integrate the WLC with Umbrella (which is the first step before moving to ISE), the WLC synchronizes the Umbrella Profiles to the Umbrella Cloud. In the Umbrella Dashboard you see the Umbrella Profiles as Network Devices, which act as identities for Umbrella policy creation.
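The per-group Umbrella policy only applies when every link of the chain above is in place: AD group, Role AVP, WLC Local Policy, Umbrella Profile, Umbrella identity. The following is an added example, not part of the original post: a Python check over constructed inventories that reports, per AD group, where that chain breaks. The group, profile and policy names and the dict layouts are assumptions, not an export format of ISE, the WLC or Umbrella.

```python
# Added example. All names and the dict layouts below are constructed for
# illustration; they are not an export format of ISE, the WLC or Umbrella.
ISE_AUTHZ_PROFILES = {          # authorization profile -> AD group, Role AVP
    "AuthZ-Employees":   {"ad_group": "Employees",   "role": "Employee"},
    "AuthZ-Contractors": {"ad_group": "Contractors", "role": "Contractor"},
    "AuthZ-Interns":     {"ad_group": "Interns",     "role": "Intern"},
    "AuthZ-Partners":    {"ad_group": "Partners",    "role": "Partner"},
    "AuthZ-Guests":      {"ad_group": "Guests",      "role": None},
}
WLC_LOCAL_POLICIES = {          # local policy -> matched role, Umbrella profile
    "LP-Employee":   {"match_role": "Employee",   "umbrella_profile": "UMB-Employee"},
    "LP-Contractor": {"match_role": "Contractor", "umbrella_profile": None},
    "LP-Intern":     {"match_role": "Intern",     "umbrella_profile": "UMB-Intern"},
}
# Umbrella Profiles that show up as Network Devices in the Umbrella Dashboard.
UMBRELLA_NETWORK_DEVICES = {"UMB-Employee"}


def audit_chain(authz_profiles, local_policies, umbrella_devices):
    """Follow each AD group through Role AVP -> Local Policy -> Umbrella
    Profile -> Umbrella identity and report where the chain breaks."""
    policy_by_role = {p["match_role"]: (name, p) for name, p in local_policies.items()}
    findings = {}
    for authz in authz_profiles.values():
        group, role = authz["ad_group"], authz["role"]
        if not role:
            findings[group] = "authorization profile sends no Role AVP"
            continue
        if role not in policy_by_role:
            findings[group] = f"no WLC Local Policy matches role {role}"
            continue
        policy_name, policy = policy_by_role[role]
        profile = policy["umbrella_profile"]
        if not profile:
            findings[group] = f"{policy_name} has no Umbrella profile tied to it"
        elif profile not in umbrella_devices:
            findings[group] = f"{profile} is not a Network Device in Umbrella"
    return findings


if __name__ == "__main__":
    result = audit_chain(ISE_AUTHZ_PROFILES, WLC_LOCAL_POLICIES, UMBRELLA_NETWORK_DEVICES)
    for group, problem in result.items():
        print(f"{group}: {problem}")
```

Only the Employees group passes in this sample; each other group fails at a different link of the chain.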

Published by:

Redouane MEDDANE

Redouane MEDDANE is Cisco Instructor CCSI #35458, 3xCCNP Collaboration, Security and Enterprise, and he is a published author of some of the most important OSPF Protocol, Security and Collaboration books in the world, titled OSPF Demystified With RFC, Network Security All-in-one, and Dial Plan and Call Routing Demystified on CUCM. He is also a blogger at ipdemystify.com and writes articles about collaboration and security to demystify the most complex topics. His books are known for their technical depth and accuracy, especially the OSPF Demystified With RFC book, which is considered the best OSPF book in the world and was named "One of the best OSPF ebooks of all time" by BookAuthority. It gives you a hint at the ability to explain complex topics with remarkable ease. He worked as a Cisco Instructor and consultant in different Cisco Learning Partners and was awarded the Cisco Distinguished Instructor Award twice, the Cisco Security Instructor Excellence Award in 2018 and 2019, and the Cisco Collaboration Instructor Excellence Award in 2020. The Distinguished Instructor Award recognizes the top 5% of Cisco's most influential CCSIs who provide the highest quality training experience and demonstrate the best overall instructor performance across multiple Cisco technologies, and the Instructor Excellence Award recognizes the top 25% of elite CCSIs for delivering top quality training and maintaining high customer satisfaction in their field of expertise.
