Cisco SISAS 1.0: Certificate-based Authentication and Authorization

This course is for anyone wishing to obtain the Implementing Cisco Secure Access Solutions (SISAS) v1.0 300-208 certification; one of four designed for the CCNP Security track from Cisco. Knowledge of Cisco Certified Network Associate (CCNA) certification is required and knowledge of Cisco Certified Network Associate (CCNA) Security certification and Knowledge of Microsoft Windows Operating System are helpful.

Prerequisite
None

Expected Duration
120 minutes

Description
Certificate-based client authentication is used in EAP-TLS environments. An advantage of using EAP-TLS is the openness of the standard, wide vendor support, and high security. Authorization is performed after authentication, when the identity of the client is already established. The authorization attributes that are sent via RADIUS to the network access devices are first configured in the ISE as authorization profiles. In this course, you will learn about certificate-based client authentication. You will also explore Cisco Identity Services Engine (ISE) authorization including how the Cisco ISE performs authorization to assign privileges to client sessions, the use of downloadable ACLs as authorization policy elements, and how Cisco ISE authorization policy rules are used to match conditions and apply authorization profiles.

Objective

Certificate-based UserAuthentication

  • start the course
  • describe the use and implementation of certificates for clients
  • describe how to configure the 802.1X supplicant to use EAP-TLS
  • configure the 802.1X supplicant to use EAP-TLS
  • configure the 802.1X supplicant to use EAP-TLS
  • configure the 802.1X supplicant to use appropriate certificates
  • describe certificate authentication
  • verify EAP-TLS operation
  • describe the authorization in the Cisco Identity Services Engine (ISE)
  • describe the downloadable ACLs

Cisco ISE Authorization

  • describe the authorization policy
  • describe how to build compound conditions
  • describe the authorization configuration procedure and authorization profile
  • describe how to configure an authorization policy rule
  • describe how to configure an authorization policy rule
  • describe how to tune the default authorization rule
  • verify the authorization in the ISE GUI
  • verify machine authorization in the ISE GUI
  • verify the authorization on the switch
  • verify dACL assignment on the switch

Practice: EAP-TLS for Cisco ISE

  • to describe certificate-based client authentication in EAP-TLS and authorization in Cisco ISE

MONTHLY SUBSCRIPTION

$129/month
 

ANNUAL SUBSCRIPTION

$1295/year

Multi-license discounts available for Annual and Monthly subscriptions.