Log On/Register  

855.838.5028

Cisco - SISE: Implementing and Configuring Cisco Identity Services Engine

Duration: 5 Days
Course Price: $3,750

Learn to install, configure, and deploy ISE with enhanced labs written for ISE version 1.3

This course is geared towards students who have no prior knowledge of ISE and 802.1X. The ISE product is Cisco's flagship security product, intended to replace several major current products, including NAC Servers and Managers, NAC Profiler, Guest Server, Profiler, and the Cisco Secure Access Control Server (ACS).

In this course with enhanced hands-on labs, you will cover the Cisco Identity Services Engine (ISE) version 1.3, a next generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management. You will gain the knowledge and skills needed to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

You will learn how to perform a fundamental installation of ISE and how to configure identity-based networks using 802.1X for both wired and wireless clients, using a Windows 7 client. You will also learn to use many of the new features, including AnyConnect 3.1, EAP-FAST, PEAP, BYOD, and EAP Chaining. You'll also see how the new Virtual Wireless Controller (vWLC) works to integrate with ISE along with advanced features within ISE.

Course Objectives:

  • ISE deployment options including node types, personas, and licensing
  • Install certificates into ISE using a Windows 2008 certificate authority (CA)
  • Configure AAA clients and network device groups
  • Configure local and remote identity store and use of sequence lists
  • 802.1X for wired and wireless networks using the latest dot1x commands on a switch and version 7.3 of the vWLC:PEAP Authentication (GPO configuration)
  • EAP-FAST Authentication
  • Extensible authentication protocol (EAP) chaining
  • Service set identifier (SSID) matching in authorization policies
  • Configure authorization and authentication policies to allow MAC Authentication Bypass endpoints
  • Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
  • Configure sponsored guest access
  • Configure profiler services in ISE and use newer probes available in IOS switch code 15.x
  • Configure posture assessments using the Cisco next available agent (NAA) and offline updates in ISE
  • Configure web agent assessment for non-corporate assets
  • Bring your own device (BYOD) using single SSID and dual SSID modes
  • Maintenance, upgrading, and logging

Who Should Attend

  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE
  • Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product

Learn to install, configure, and deploy ISE with enhanced labs written for ISE version 1.3

This course is geared towards students who have no prior knowledge of ISE and 802.1X. The ISE product is Cisco's flagship security product, intended to replace several major current products, including NAC Servers and Managers, NAC Profiler, Guest Server, Profiler, and the Cisco Secure Access Control Server (ACS).

In this course with enhanced hands-on labs, you will cover the Cisco Identity Services Engine (ISE) version 1.3, a next generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management. You will gain the knowledge and skills needed to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

You will learn how to perform a fundamental installation of ISE and how to configure identity-based networks using 802.1X for both wired and wireless clients, using a Windows 7 client. You will also learn to use many of the new features, including AnyConnect 3.1, EAP-FAST, PEAP, BYOD, and EAP Chaining. You'll also see how the new Virtual Wireless Controller (vWLC) works to integrate with ISE along with advanced features within ISE.

Course Objectives:

  • ISE deployment options including node types, personas, and licensing
  • Install certificates into ISE using a Windows 2008 certificate authority (CA)
  • Configure AAA clients and network device groups
  • Configure local and remote identity store and use of sequence lists
  • 802.1X for wired and wireless networks using the latest dot1x commands on a switch and version 7.3 of the vWLC:PEAP Authentication (GPO configuration)
  • EAP-FAST Authentication
  • Extensible authentication protocol (EAP) chaining
  • Service set identifier (SSID) matching in authorization policies
  • Configure authorization and authentication policies to allow MAC Authentication Bypass endpoints
  • Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
  • Configure sponsored guest access
  • Configure profiler services in ISE and use newer probes available in IOS switch code 15.x
  • Configure posture assessments using the Cisco next available agent (NAA) and offline updates in ISE
  • Configure web agent assessment for non-corporate assets
  • Bring your own device (BYOD) using single SSID and dual SSID modes
  • Maintenance, upgrading, and logging

Who Should Attend

  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE
  • Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product

Prerequisites

  • CCNA certification or equivalent level of experience configuring Cisco routers and switches
  • Basic knowledge of IOS commands
  • LAN security related concepts
  • 802.1X - Introduction to 802.1X Operations for Cisco Security Professionals

Course Outline

Lesson 1: Cisco ISE Product

  • Cisco ISE
  • Cisco TrustSec
  • Cisco ISE Architecture
  • Cisco ISE Deployment Options
  • Getting Started with Cisco ISE Installing Cisco ISE
  • Network Time Protocol
  • Cisco ISE Certificates
  • Monitoring Basics
  • Configuring and Verifying Cisco ISE for Distributed Deployment

Lesson 2: Cisco ISE Authentication and Authorization

  • Configuring Basic Access
  • Network Access Device (NAD)
  • IEEE 802.1X Primer
  • Cisco Switch Configuration
  • Cisco WLC Configuration
  • Cisco ASA Appliance Configuration
  • Cisco ISE Authentication Process
  • Internal Databases
  • Simple Authentication
  • Rule-Based Authentication
  • Sessions in Cisco ISE
  • External Authentication
  • External Authentication Process
  • Active Directory
  • Lightweight Directory Access Protocol (LDAP)
  • RADIUS
  • Certificates
  • Identity Source Sequencing
  • Authentication Support and Performance
  • Using Cisco ISE Dictionaries
  • Cisco ISE Dictionaries
  • Read-Only Dictionaries
  • Administrable Dictionaries
  • RADIUS Vendor Dictionaries
  • Configuring Authorization
  • Authorization Policies and Components
  • Authorization Policy Configuration
  • Exception Policies

Lesson 3: Web Authentication and User Access Management

  • Implementing Web Authentication
  • Web Authentication
  • Configure Cisco ISE Web Authentication
  • Verifying Web Authentication
  • Implementing Guest Services
  • Guest Services
  • Preparing the Deployment
  • Configuring Sponsor Portal
  • Configuring Guest Portal
  • Creating Guest Accounts
  • Verifying Guest Accounts

Lesson 4: Cisco ISE Profiler, Posture, and Endpoint Protection Services

  • Implementing Cisco ISE Profiler Service
  • Profiler Service
  • Configuring Profiling on Cisco ISE
  • Verifying Profiling
  • Implementing Cisco ISE Posture Service
  • Posture Service
  • Configuring Cisco ISE for Client Provisioning
  • Adapting the Authorization Policy for Posture Compliance
  • Configuring the Posture System Settings
  • Configuring the Posture Policy
  • Verifying the Posture Service
  • Implementing Cisco ISE Endpoint Protection Services (EPS)EPS
  • Configuring EPS
  • Monitoring EPS
  • Implementing BYOD
  • BYOD
  • Designing BYOD
  • Dual SSID BYOD Design
  • Device Onboarding User Experience

Lesson 5: Reports, Monitoring, Troubleshooting, and Security

  • Implementing Inline Posture and TrustSec Security
  • Inline Posture
  • Security Group Access
  • MAC Security
  • Cisco ISE Architecture
  • Cisco ISE Deployment Types
  • Deploying Monitoring Personas
  • Preparing the Network Infrastructure
  • Performing Cisco ISE Administration and Maintenance
  • Role-Based Access Control
  • Cisco ISE Licensing
  • Backing Up and Restoring the System Configuration
  • Using Cisco ISE Reporting, Monitoring, and Troubleshooting
  • Cisco ISE Dashboard Monitoring
  • Implementing Logging
  • Managing Alarms
  • Cisco ISE Reports
  • Troubleshooting the Network
  • Backing Up and Restoring the Monitoring Database

Lab Outline

  • Lab 1: ISE Installation and Web Console Familiarization
  • Lab 2: Install a Certificate in ISE
  • Lab 3: Configure an ISE Distributed Deployment
  • Lab 4: Local and Remote Identity Stores using Active Directory and Sequence Lists
  • Lab 5: 802.1X: Examining and Configuring Supplicants
  • Lab 6: 802.1X: Wired Networks
  • Lab 7: 802.1X: MAR and EAP Chaining
  • Lab 8: 802.1X: Wireless Networks
  • Lab 9: 802.1X: MAC Authentication Bypass (MAB)
  • Lab 10: CWA for Wired and Wireless Networks and My Device Portal
  • Lab 11: Provide Guest Access Using Self-Registration
  • Lab 12: Configure Profiler Services
  • Lab 13: Configure Posture Services
  • Lab 14: Endpoint Protection Services
  • Lab 15: BYOD
  • Lab 16: Maintenance and Monitoring of ISE
Learn More
Please type the letters below so we know you are not a robot (upper or lower case):