
The Renaissance of NAC with Casper Suite and Cisco ISE

Watch this JNUC session in its entirety.

The Casper Suite includes an integration with Cisco ISE. John Neumann, IT Manager at Aquinas College, explained how this integration works and provided insight on use cases. Neumann also outlined some common pitfalls with Cisco ISE and other network vendor integrations, along with ways to avoid them.

Neumann discussed Network Admission Control (NAC), 802.1x methods, and wireless LAN design considerations to ensure a smooth user onboarding experience. He started off by explaining how his 1,200+ student network works with Cisco ISE and Jamf.

“Define your goal first. Start simple. The right user, using the right device, securely connected to the right network with access to the right resources,” stated Neumann about the importance of planning ahead. He further broke down how network planning is all about user visibility, type of device (organization or user-owned), thinking beyond just SSIDs, and not just blocking content but rather adding value.

When discussing the building blocks of identity-based networks, like Cisco ISE, he talked about the changes to macOS: “starting with 10.7 Lion, you need profiles in order to interact with the supplicant, which means you need an MDM solution like Jamf.”

Neumann then went into further detail on wireless security considerations by discussing the importance of Protected Extensible Authentication Protocol (PEAP). He discussed how configuration profiles and certificates provide better security than common WPA2 Enterprise networks.

Finally, Neumann wrapped up by stating, “Cisco ISE checks to see if the device is enrolled with Jamf or not. If it’s fully compliant with Jamf, then it has full access to the network.” This underscored how a service like Cisco ISE can help protect your network by redirecting unenrolled devices to the JSS enrollment screen before allowing full network access.