SIMULATION
The Secure‐X company has started to tested the 802.1X authentication deployment using the Cisco
Catalyst 3560‐X layer 3 switch and the Cisco ISEvl2 appliance. Each employee desktop will be
connected to the 802.1X enabled switch port and will use the Cisco AnyConnect NAM 802.1X
supplicant to log in and connect to the network.
Your particular tasks in this simulation are to create a new identity source sequence named
AD_internal which will first use the Microsoft Active Directory (AD1) then use the ISE Internal User
database. Once the new identity source sequence has been configured, edit the existing DotlX
authentication policy to use the new AD_internal identity source sequence.
The Microsoft Active Directory (AD1) identity store has already been successfully configured, you
just need to reference it in your configuration.

In addition to the above, you are also tasked to edit the IT users authorization policy so IT users who
successfully authenticated will get the permission of the existing IT_Corp authorization profile.

Perform this simulation by accessing the ISE GUI to perform the following tasks:
• Create a new identity source sequence named AD_internal to first use the Microsoft Active
Directory (AD1) then use the ISE Internal User database
• Edit the existing Dot1X authentication policy to use the new AD_internal identity source
sequence:
• If authentication failed‐reject the access request
• If user is not found in AD‐Drop the request without sending a response
• If process failed‐Drop the request without sending a response
• Edit the IT users authorization policy so IT users who successfully authenticated will get the
permission of the existing IT_Corp authorization profile.
To access the ISE GUI, click the ISE icon in the topology diagram. To verify your configurations, from
the ISE GUI, you should also see the Authentication Succeeded event for the it1 user after you have
successfully defined the DotlX authentication policy to use the Microsoft Active Directory first then
use the ISE Internal User Database to authenticate the user. And in the Authentication Succeeded
event, you should see the IT_Corp authorization profile being applied to the it1 user. If your
configuration is not correct and ISE can’t authenticate the user against the Microsoft Active
Directory, you should see the Authentication Failed event instead for the it1 user.
Note: If you make a mistake in the Identity Source Sequence configuration, please delete the
Identity Source Sequence then re‐add a new one. The edit Identity Source Sequence function is not
implemented in this simulation.

Answer: See the explanation

Explanation:
Step 1: create a new identity source sequence named AD_internal which will first use the Microsoft
Active Directory (AD1) then use the ISE Internal User database as shown below:

Step 2: Edit the existing Dot1x policy to use the newly created Identity Source:
Then hit Done and save.