-
![[Day 78] Cisco ISE Mastery Training: Profiling Policies & Conditions](https://networkjourney.com/wp-content/uploads/2025/08/Day-78-–-Cisco-ISE-Mastery-Training-Profiling-Policies-Conditions.png)
[Day 78] Cisco ISE Mastery Training: Profiling Policies & Conditions
Introduction Cisco ISE profiling is like giving the NAC engine eyes and intelligence.Without profiling, ISE knows a device only by its MAC or credentials. With profiling, ISE can identify: Profiling Policies and Conditions are the foundation of this process. For network access control to be […]
-
![[Day 77] Cisco ISE Mastery Training: Advanced Profiling Configuration](https://networkjourney.com/wp-content/uploads/2025/08/Day-77-–-Cisco-ISE-Mastery-Training-Advanced-Profiling-Configuration.png)
[Day 77] Cisco ISE Mastery Training: Advanced Profiling Configuration
Introduction “Who is on my network?” is only half the question—what they are matters even more. Cisco ISE’s Profiler turns raw signals (DHCP, RADIUS, SNMP, HTTP, device-sensor, NetFlow, etc.) into precise endpoint identities (e.g., “HP LaserJet Pro M404dn”, “Cisco 88xx IP Phone”, “Axis M30 camera”, […]
-
![[Day 76] Cisco ISE Mastery Training: Applying TrustSec in Wireless Networks](https://networkjourney.com/wp-content/uploads/2025/08/Day-76-–-Cisco-ISE-Mastery-Training-Applying-TrustSec-in-Wireless-Networks.png)
[Day 76] Cisco ISE Mastery Training: Applying TrustSec in Wireless Networks
Introduction Cisco TrustSec (CTS) extends identity-based access control to the wireless network, ensuring that security group policies follow users regardless of where or how they connect. In a wireless environment, the challenge is higher: clients roam between access points, switch between VLANs, and scale into […]
-
![[Day 75] Cisco ISE Mastery Training: Applying TrustSec in Wired Networks](https://networkjourney.com/wp-content/uploads/2025/08/Day-75-–-Cisco-ISE-Mastery-Training-Applying-TrustSec-in-Wired-Networks.png)
[Day 75] Cisco ISE Mastery Training: Applying TrustSec in Wired Networks
Introduction Wired networks still carry most enterprise East/West traffic, printers, IP phones, scanners, and user PCs. Cisco TrustSec replaces sprawling IP/VLAN ACLs with Security Group Tags (SGTs) and role-based enforcement. With ISE assigning SGTs at the port during 802.1X/MAB, your Catalyst switches can tag traffic […]
-
![[Day 74] Cisco ISE Mastery Training: TrustSec Policy Matrix](https://networkjourney.com/wp-content/uploads/2025/08/Day-74-–-Cisco-ISE-Mastery-Training-TrustSec-Policy-Matrix.png)
[Day 74] Cisco ISE Mastery Training: TrustSec Policy Matrix
Introduction Cisco TrustSec changes the game by letting us write security policies based on identity (SGT) instead of network constructs like IP or VLAN.The Policy Matrix is the central brain: a two-dimensional grid where rows = source SGT, columns = destination SGT, and each cell […]
-
![[Day 73] Cisco ISE Mastery Training: SGT Exchange Protocol (SXP) Configuration](https://networkjourney.com/wp-content/uploads/2025/08/Day-73-–-Cisco-ISE-Mastery-Training-SGT-Exchange-Protocol-SXP-Configuration.png)
[Day 73] Cisco ISE Mastery Training: SGT Exchange Protocol (SXP) Configuration
Introduction Scalable Group Tags (SGTs) are the foundation of Cisco TrustSec—labels that identify “who” a packet belongs to, decoupled from IP or VLAN. The Scalable Group Tag eXchange Protocol (SXP) is the control-plane that ships IP↔SGT bindings from where they’re learned (typically access edges) to […]
-
![[Day 72] Cisco ISE Mastery Training: Configuring Security Group Tags (SGTs)](https://networkjourney.com/wp-content/uploads/2025/08/Day-72-–-Cisco-ISE-Mastery-Training-Configuring-Security-Group-Tags-SGTs.png)
[Day 72] Cisco ISE Mastery Training: Configuring Security Group Tags (SGTs)
Introduction Security Group Tags (SGTs) are the identity currency of Cisco TrustSec. Instead of binding policy to IPs/VLANs, ISE assigns an SGT (e.g., HR=10, Finance=20, Guest=30) to users/devices at authentication time. These tags travel (inline) or are distributed (via SXP) so switches, WLCs, and firewalls […]
-
![[Day 71] – Cisco ISE Mastery Training: TrustSec Overview & Benefits](https://networkjourney.com/wp-content/uploads/2025/08/Day-71-–-Cisco-ISE-Mastery-Training-TrustSec-Overview-Benefits.png)
[Day 71] – Cisco ISE Mastery Training: TrustSec Overview & Benefits
Introduction Cisco TrustSec (CTS) is a next-generation access control framework that goes beyond traditional IP-based segmentation. Instead of relying on static VLANs and ACLs, it leverages Security Group Tags (SGTs) to dynamically classify traffic, enforce policies consistently across the enterprise, and scale security for modern […]
-
![[Day 70] Cisco ISE Mastery Training: Wireless NAC End-to-End Lab Validation](https://networkjourney.com/wp-content/uploads/2025/08/Day-70-Cisco-ISE-Mastery-Training-Wireless-NAC-End-to-End-Lab-Validation.png)
[Day 70] Cisco ISE Mastery Training: Wireless NAC End-to-End Lab Validation
Introduction Wireless NAC (Network Access Control) is one of the most critical security use-cases in enterprise networks. While wired NAC ensures endpoints connected via switches are authenticated and authorized, wireless NAC validation ensures every mobile, IoT, and BYOD device connecting through Wi-Fi is properly authenticated […]
-
![[Day 69] Cisco ISE Mastery Training: Detecting Rogue Access Points](https://networkjourney.com/wp-content/uploads/2025/08/Day-69-–-Cisco-ISE-Mastery-Training-Detecting-Rogue-Access-Points.png)
[Day 69] Cisco ISE Mastery Training: Detecting Rogue Access Points
Introduction Rogue APs are the wireless backdoor attackers don’t have to pick. A consumer router on a free LAN jack, a misconfigured travel AP, or a malicious evil-twin near your office can bypass NAC, leak data, or phish users. In a modern Cisco stack, WLC […]
