ISE: PSN and PAN definitions


07.03 2024 | by massimiliano




ISE manages access control with compliance rules for wired and wireless networks; its two principal elements are:

  • PSN (Policy Service Node): RADIUS server dedicated to network devices managed by the PAN.
  • PAN (Policy Administration Node): split into two main categories, Administration and Monitoring.

The purpose of load balancing is to improve routing based on the back-traffic policy configured on the RADIUS server.

PSN Policy: The PSN rules verify that a PC complies with the AAA policies. The PC must first authenticate; if the authentication is approved, the authorization phase starts, and only if this procedure is also approved is the PC considered compliant.

Private certificate: a machine certificate used for authentication.

Employees connected via the wired/wireless network must be authenticated with a machine certificate in dot1x.

MAB Authentication

The method will be expected to provide sufficient information to profile the device type and create a MAC address table which will enable non-compliant devices to connect at a later date. 

Media Access Control (MAC) Authentication Bypass and Device Profiling is the preferred solution. 

For devices such as Video Conference systems, basic VoIP phones, etc., the device profiling should contain at least two independent checks in order to ensure security.

These checks should include an inspection of the device's MAC Organizationally Unique Identifier (OUI) as a first step, and then a check of either the Dynamic Host Configuration Protocol (DHCP) options or an Operating System (OS) fingerprint.
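The two-check rule described above, sketched as an added Python example (it is not Cisco ISE's own logic or configuration). The profile table is constructed, and the function names and the choice of DHCP option 60 as the DHCP check are assumptions made for illustration.

```python
import re

# Constructed profile table (not real vendor assignments): OUI -> expected
# device type plus the values accepted by each second, independent check.
PROFILES = {
    "001122": {"type": "voip-phone",
               "dhcp_class_ids": {"ExamplePhone"},
               "os_fingerprints": {"embedded-rtos"}},
    "00AABB": {"type": "video-conference",
               "dhcp_class_ids": {"ExampleCodec"},
               "os_fingerprints": {"embedded-linux"}},
}

def normalize_mac(mac):
    """Return 12 uppercase hex digits, or None if the MAC is malformed."""
    digits = re.sub(r"[-:.]", "", mac).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def profile_mab_device(mac, dhcp_class_id=None, os_fingerprint=None):
    """Return (decision, reason); permit needs OUI plus one independent check."""
    digits = normalize_mac(mac)
    if digits is None:
        return ("deny", "malformed MAC")
    # Locally administered bit set: the first three octets are not an OUI,
    # so the first check cannot be performed at all.
    if int(digits[:2], 16) & 0x02:
        return ("deny", "locally administered MAC, no OUI")
    # Check 1: OUI inspection. A MAC is trivially spoofed, so a match here
    # only selects which profile the second check is compared against.
    profile = PROFILES.get(digits[:6])
    if profile is None:
        return ("deny", "unknown OUI")
    # Check 2 (assumption): DHCP option 60 vendor class id, or OS fingerprint.
    if dhcp_class_id in profile["dhcp_class_ids"]:
        return ("permit", profile["type"] + " via OUI+DHCP")
    if os_fingerprint in profile["os_fingerprints"]:
        return ("permit", profile["type"] + " via OUI+OS")
    return ("deny", "OUI matched but no second check passed")
```

A device that presents a known OUI but the DHCP class of a different profile is denied, which is the case a single OUI check would miss.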

Markets are recommended to deploy Cisco ISE as part of 802.1x control, as it allows secure LAN access for non-802.1x devices.
