Italik implemented a Cisco Identity Services Engine (ISE) solution for a council client to enable secure and differentiated wireless access for internal users, guests, partners, and conference attendees across 19 locations. The ISE solution profiles users and devices, enables BYOD, and ensures rigorous identity verification and flexible authentication options. The council and its partner MLR Networks were pleased with the reliable and future-proof solution delivered by Italik.
1. In conjunction with the existing Cisco Wireless LAN
Controller solutions, the Cisco ISE was configured to support
differentiated wireless services for the various types of users.
These included:
• Automated certificate-based 802.1X wireless for internal
users provisioned via user/password security and then
switching to certificate based security. This was deployed
using both single and dual SSID options
• Guest wireless managed via a central portal allowing
authorised sponsors to create guest accounts. Guests would
then be presented with a simple web login to gain access to
the network
• Partner wireless, managed via a central portal, allowing
authorised sponsors to create partner accounts. Partners
would login using 802.1X and a user/password combination
• Conference wireless, managed via a central portal, allowing
authorised sponsors to create conference accounts.
Conference users would connect using a username and
password combination and then be redirected to a
self-provisioning portal to create their own account
The Results
The ISE technology proved reliable and fully functional
allowing the ISE solution to work out identities, device
profiles and posture, such as who are you, where are you and
how are you trying to connect.
Cisco ISE is ensuring increased levels of security, allowing all
devices to connect to the network and also ensuring end users
are properly authenticated. ISE means the network is future
proof and Italik ensured they have a safe mobile device policy.
MLR Networks were delighted with the work and see Italik as
a trusted partner with whom they can build a long-term
relationship.
Benefits
• Extensive profiling capabilities to accurately identify
and assess all users and devices connecting to the
network
• Future-proofing their network
• Rigorous identity verifications
• Flexible authentication options to allow for future
requirements
• Extensible into the wired network when needed
• Significant BYOD/CYOD management cost savings
Italik provides reliable and flexible
differentiated wireless connectivity to a
council in the North West, working in
partnership with MLR Networks.
The Client wanted to take advantage of the growing trend for
personal device use in the workplace and needed a way of
provisioning mobile devices that access the network, which
would allow them to differentiate external users, internal
users, conference users and guests.
The solution had to complement the existing infrastructure
making good use of any existing technologies – The council
were specifically not seeking to replace any of its existing
Cisco Wi-Fi technologies.
The Challenge
MLR Networks recently won a contract to provide enhanced
authentication and user profiling options for the council’s
existing Cisco Wi-Fi provision and provide additional
capabilities and security options; in addition, there was a
business need to provide a “conference guest” model of
wireless services at various council buildings and other
conference facilities, some 19 locations in all. The solution
needed to be none device specific and be available for all
common devices such as Windows Laptop, Tablet, iMac, iPad,
iPhone, Android, Windows Mobile etc.
MLR Networks successfully proposed the deployment of Cisco
Identity Services Engine (ISE) technology. Cisco ISE is a
security policy management and control platform. It
automates and simplifies access control and security
compliance for wired, wireless, and VPN connectivity. It is
primarily used to provide secure access and guest access,
support BYOD initiatives, and enforce usage policies in
conjunction with Cisco TrustSec. Because Cisco ISE is a
complex solution, it requires a high level of expertise,
knowledge and Cisco Accreditations to be deployed correctly.
Italik are an Advanced Technology Partner for the Cisco ISE.
MRL Networks didn’t have the necessary ISE experience and
approached Italik to work with them and provide the expertise
and support required.
The Solution
Due to the complex nature of the project scope, over a week
was spent on site designing, configuring and implementing
the solution. We worked with the experts in the council as ISE
touches different systems which can’t work in isolation.
Laying Foundations for Council’s Vision
Case Study
Cisco ISE
Project
0845 226 1955