If your configuration is not correct and ISE can’t authenticate the user…
SIMULATION
The Secure-X company has started to tested the 802.1X authentication deployment using the
Cisco Catalyst 3560-X layer 3 switch and the Cisco ISEvl2 appliance. Each employee desktop will
be connected to the 802.1X enabled switch port and will use the Cisco AnyConnect NAM
802.1X supplicant to log in and connect to the network.
Your particular tasks in this simulation are to create a new identity source sequence named
AD_internal which will first use the Microsoft Active Directory (AD1) then use the ISE Internal
User database. Once the new identity source sequence has been configured, edit the existing
DotlX authentication policy to use the new AD_internal identity source sequence.
The Microsoft Active Directory (AD1) identity store has already been successfully configured,
you just need to reference it in your configuration.
In addition to the above, you are also tasked to edit the IT users authorization policy so IT users
who successfully authenticated will get the permission of the existing IT_Corp authorization
profile.
Perform this simulation by accessing the ISE GUI to perform the following tasks:
• Create a new identity source sequence named AD_internal to first use the Microsoft Active
Directory (AD1) then use the ISE Internal User database
• Edit the existing Dot1X authentication policy to use the new AD_internal identity source
sequence:
• If authentication failed-reject the access request
• If user is not found in AD-Drop the request without sending a response
• If process failed-Drop the request without sending a response
• Edit the IT users authorization policy so IT users who successfully authenticated will get the
permission of the existing IT_Corp authorization profile.
To access the ISE GUI, click the ISE icon in the topology diagram. To verify your configurations,
from the ISE GUI, you should also see the Authentication Succeeded event for the it1 user after
you have successfully defined the DotlX authentication policy to use the Microsoft Active
Directory first then use the ISE Internal User Database to authenticate the user. And in the
Authentication Succeeded event, you should see the IT_Corp authorization profile being
applied to the it1 user. If your configuration is not correct and ISE can’t authenticate the user
against the Microsoft Active Directory, you should see the Authentication Failed event instead
for the it1 user.
Note: If you make a mistake in the Identity Source Sequence configuration, please delete the
Identity Source Sequence then re-add a new one. The edit Identity Source Sequence function is
not implemented in this simulation.
Which four statements are correct regarding the event that occurred at 2014-05-07 00:19:07.004?
In this simulation, you are task to examine the various authentication events using the ISE GUI.
For example, you should see events like Authentication succeeded. Authentication failed and
etc…
Which four statements are correct regarding the event that occurred at 2014-05-07
00:19:07.004? (Choose four.)
Which command on the switch ensures that the Service-Type attribute is sent with all RADIUS authentication req
Which command on the switch ensures that the Service-Type attribute is sent with all RADIUS
authentication request?
Which description of the purpose of the Continue option in an authentication policy rule is true?
Which description of the purpose of the Continue option in an authentication policy rule is
true?
Which command must be added to address the issue?
A user configured a Cisco Identity Service Engine and switch to work with downloadable
access list for wired dot1x users, though it is failing to work. Which command must be added to
address the issue?
Which configuration is required in the Cisco ISE Authentication policy to allow Central Web Authentication?
Which configuration is required in the Cisco ISE Authentication policy to allow Central Web
Authentication?
Which profiling probe collects the user-agent string?
Which profiling probe collects the user-agent string?
Which two options can a sponsor select to create bulk guest accounts from the sponsor portal?
Which two options can a sponsor select to create bulk guest accounts from the sponsor portal?
(Choose two.)
which feature is available to a sponsor in a sponsor group?
In Cisco ISE 1.3, which feature is available to a sponsor in a sponsor group?
Which components must be selected for a client provisioning policy to do a Posture check on the Cisco ISE?
Which components must be selected for a client provisioning policy to do a Posture check on
the Cisco ISE?