-
![[Day 140] Cisco ISE Mastery Training: Policy‑Based Segmentation](https://networkjourney.com/wp-content/uploads/2025/08/Day-140-–-Cisco-ISE-Mastery-Training-Policy‑Based-Segmentation.png)
[Day 140] Cisco ISE Mastery Training: Policy‑Based Segmentation
Introduction Policy-Based Segmentation is the practice of enforcing network access and micro-segmentation based on identity, device posture, and contextual policy rather than static topology (VLANs). Cisco ISE is the heart of this: it calculates who/what an endpoint is, evaluates device health and contextual signals, and […]
-
![[Day 139] Cisco ISE Mastery Training: Firewall Dynamic ACLs](https://networkjourney.com/wp-content/uploads/2025/08/Day-139-–-Cisco-ISE-Mastery-Training-Firewall-Dynamic-ACLs.png)
[Day 139] Cisco ISE Mastery Training: Firewall Dynamic ACLs
Introduction Firewall Dynamic ACLs (often called downloadable ACLs or dACLs) let Cisco ISE return per-session, per-user, or per-device access rules to enforcement points (firewalls, routers, switches, VPN gateways) at the moment the session is authorized. Instead of static, coarse ACLs tied to VLANs or host-based […]
-
![[Day 138] Cisco ISE Mastery Training: Mapping Zero Trust Policies with TrustSec](https://networkjourney.com/wp-content/uploads/2025/08/Day-138-–-Cisco-ISE-Mastery-Training-Mapping-Zero-Trust-Policies-with-TrustSec.png)
[Day 138] Cisco ISE Mastery Training: Mapping Zero Trust Policies with TrustSec
Introduction Zero Trust requires you to make decisions based on identity, device posture, and context — not on network topology (VLANs). Cisco TrustSec (SGTs + TrustSec enforcement) lets you express who/what can talk to what using Security Group Tags (SGTs) instead of brittle VLANs. Cisco […]
-
![[Day 137] Cisco ISE Mastery Training: Zero Trust Network Access (ZTNA)](https://networkjourney.com/wp-content/uploads/2025/08/Day-137-–-Cisco-ISE-Mastery-Training-Zero-Trust-Network-Access-ZTNA.png)
[Day 137] Cisco ISE Mastery Training: Zero Trust Network Access (ZTNA)
Introduction Zero Trust means never trust, always verify — identity, device posture, and contextual signals (time, location, app) must be evaluated before granting access to resources. Cisco ISE isn’t a full ZTNA gateway by itself, but it’s the policy decision point that tells enforcement points […]
-
![[Day 136] Cisco ISE Mastery Training: Industrial Switch OT Security](https://networkjourney.com/wp-content/uploads/2025/08/Day-136-–-Cisco-ISE-Mastery-Training-Industrial-Switch-OT-Security.png)
[Day 136] Cisco ISE Mastery Training: Industrial Switch OT Security
Introduction Industrial switches (Cisco IE, Hirschmann, Moxa, Aruba Industrial, etc.) connect PLCs, HMIs, cameras, sensors and other OT gear. These devices rarely support modern endpoint management or 802.1X, are often safety-critical, and require non-disruptive security controls. Cisco ISE becomes the control plane: it identifies OT […]
-
![[Day 135] Cisco ISE Mastery Training: IoT & OT Device Profiling](https://networkjourney.com/wp-content/uploads/2025/08/Day-135-–-Cisco-ISE-Mastery-Training-IoT-OT-Device-Profiling.png)
[Day 135] Cisco ISE Mastery Training: IoT & OT Device Profiling
Introduction IoT & OT devices (IP cameras, PLCs, medical devices, building management systems, printers, POS terminals) are everywhere — but they are not like laptops: they often lack modern identity controls, run legacy protocols, and may be unmanaged for years. That makes them the highest-risk […]
-
![[Day 134] Cisco ISE Mastery Training: Advanced Profiling – Custom Probes](https://networkjourney.com/wp-content/uploads/2025/08/Day-134-–-Cisco-ISE-Mastery-Training-Advanced-Profiling-–-Custom-Probes.png)
[Day 134] Cisco ISE Mastery Training: Advanced Profiling – Custom Probes
Introduction Profiling = the “how do we know what’s on the wire” function of ISE. Out of the box, ISE can identify many clients from DHCP, RADIUS, HTTP headers, SNMP, NetFlow, DNS, and other probes. But real networks contain new IoT devices, industrial gear, and […]
-
![[Day 133] Cisco ISE Mastery Training: MFA Integration (Duo, RSA SecurID)](https://networkjourney.com/wp-content/uploads/2025/08/Day-133-–-Cisco-ISE-Mastery-Training-MFA-Integration-Duo-RSA-SecurID.png)
[Day 133] Cisco ISE Mastery Training: MFA Integration (Duo, RSA SecurID)
Introduction Multi-factor authentication (MFA) is now table stakes: passwords alone are not sufficient. Cisco ISE sits at the center of network access control — it’s the ideal enforcement point to require a second factor before granting access to sensitive networks or services. Integrating an MFA […]
-
![[Day 131] Cisco ISE Mastery Training: Custom Guest Portal Branding (HTML/CSS)](https://networkjourney.com/wp-content/uploads/2025/08/Day-131-–-Cisco-ISE-Mastery-Training-Custom-Guest-Portal-Branding-HTML_CSS.png)
[Day 131] Cisco ISE Mastery Training: Custom Guest Portal Branding (HTML/CSS)
Introduction Custom guest portals are the front door your users first see. A well-branded, responsive portal increases trust, reduces helpdesk calls, and improves adoptions of guest / BYOD flows. In ISE, portal customization is powerful: you can change layout, colors, logos, text, and insert small […]
-
![[Day 132] Cisco ISE Mastery Training: SMS Gateway & OTP Authentication](https://networkjourney.com/wp-content/uploads/2025/08/Day-132-–-Cisco-ISE-Mastery-Training-SMS-Gateway-OTP-Authentication.png)
[Day 132] Cisco ISE Mastery Training: SMS Gateway & OTP Authentication
Introduction Imagine a visitor at Reception: instead of the receptionist reading out credentials, the visitor enters their mobile number and instantly receives a one-time code on their phone — quick, frictionless, and auditable. SMS OTP is the simplest multi-factor flow for guest access: low barrier […]
