Cisco® Implementing and Configuring Cisco® Identity Services Engine 2.1 (SISE)

Overview

Overview

In this course, you will learn about the Cisco Identity Services Engine (ISE)—a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x, MAB, web authentication, posture, profiling, device on-boarding, guest services, and VPN access into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

Audience Profile

The audience for this course is as follows:

  • ISE Administrators/Engineers
  • Wireless Administrators/Engineers
  • Consulting Systems Engineers
  • Technical/Wireless/BYOD/Security Solutions Architects
  • ATP partner systems and field engineers
  • Systems integrators who install and implement the Cisco Identity Service Engine version 2.1

Prerequisite(s) Recommended

  • CCNA Security or equivalent level of experience with Cisco devices
  • Foundation-level wireless knowledge and skills
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X. Familiarity with Cisco ASA
  • Familiarity with Cisco AnyConnect Secure Mobility Client
  • IINS – Implementing Cisco IOS Network Security 3.0
  • CCNA Security Boot Camp
  • SASAC – Implementing Core Cisco ASA Security v1.0

Learning Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe Cisco ISE architecture, installation, and distributed deployment options
  • Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE
  • Implement Cisco ISE web authentication and guest services
  • Deploy Cisco ISE profiling, posture and client provisioning services
  • Describe administration, monitoring, troubleshooting, and TrustSec SGA security
  • Configure device administration using TACACS+ in Cisco ISE

Course Outline

Course Outline

Module 1: Introducing Cisco ISE Architecture and Deployment
Lessons
• Using Cisco ISE as a Network Access Policy Engine
• Cisco ISE Deployment Models
Lab: ISE Familiarization and Certificate Usage
Lab: Active Directory and Identity Source Sequences

Module 2: Cisco ISE Policy Enforcement
Lessons
• 802.1X and MAB Access: Wired and Wireless
• Identity Management
• Configure Certificate Services
• Cisco ISE Policy
• Configuring Cisco ISE Policy Sets
• Implementing Third-Party Network Access Device Support
• Cisco TrustSec
• EasyConnect
Lab: Conversion to Policy Sets
Lab: Access Policy for EasyConnect
Lab: 802.1X – Wired Networks – PEAP
Lab: 802.1X – Wired Networks – EAP-FAST
Lab: 802.1X – Wireless Networks
Lab: 802.1X – MAC Authentication Bypass (MAB)

Module 3: Web Auth and Guest Services
Lessons
• Web Access with Cisco ISE
• ISE Guest Access Components
• Configuring Guest Access Settings
• Configuring Portals: Sponsors and Guests
Lab: Centralized Web Authentication (CWA)
Lab; Guest Access and Reports

Module 4: Cisco ISE Profiler
Lessons
• Cisco ISE Profiler
• Configuring Cisco ISE Profiling
Lab: Endpoint Profiling and Reports

Module 5: Cisco ISE BYOD
Lessons
• Cisco ISE BYOD Process
• BYOD Flow
• Configuring My Devices Portal Settings
• Configuring Certificates in BYOD Scenarios
Lab: BYOD and My Device Portal

Module 6: Cisco ISE Endpoint Compliance Services
Lessons
• Endpoint Compliance
• Configuring Client Posture Services and Provisioning in Cisco ISE
Lab: Posture Compliance and Reports

Module 7: Cisco ISE with AMP and VPN-Based Services
Lessons
• VPN Access Using Cisco ISE
• Configuring Cisco AMP for ISE
Lab: Compliance based VPN Access
Lab: Threat Centric NAC using AMP and ANC

Module 8: Cisco ISE Integrated Solutions with APIs
Lessons
• Location-Based Authorization
• Cisco ISE 2.x pxGrid
Lab: pxGrid and WSA Integration

Module 9: Working with Network Access Devices
Lessons
• Configuring TACACS+ for Cisco ISE Device Administration
Lab: TACACS+ Device Administration
Lab: TrustSec Security Group Access

Module 10: Cisco ISE Design
Lessons
• Designing and Deployment Best Practices
• Performing Cisco ISE Installation and Configuration Best Practices
• Deploying Failover and High-Availability
Lab: ISE Distributed Deployment
Lab: MDM Integration

Module 11: Configuring Third-Party NAD Support

Register for Course

Tuition
Available Registrations: Unlimited
The Tuition ticket is sold out. You can try another ticket or another date.

Cost

$3,650.00

Course Code

FRCLCIS-36

Course Duration

5

Instructions Method

Instructor Led
Category
REGISTER