SISE – Implementing and Configuring Cisco Identity Services Engine v2.1

In this course, you will learn about the Cisco Identity Services Engine (ISE)„a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x, MAB, web authentication, posture, profiling, device on-boarding, guest services, and VPN access into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

This course is an intensive hands-on experience. With enhanced hands-on labs, you will cover all facets of Cisco ISE version 2.1. You will learn how to configure fundamental elements of ISE and how to secure identity-based networks using 802.1X for both wired and wireless clients, using Windows 8 and Apple iPad endpoints. You will integrate the Cisco Virtual Wireless LAN Controller (vWLC) with advanced ISE features. You will also learn to use the following advanced features of Cisco ISE: Active Directory Integration, Policy Sets, EasyConnect, EAP-FAST with EAP Chaining, BYOD, AnyConnect 4.x Posture Module for LAN and VPN compliance, Threat Centric NAC using AMP, PxGrid, TACACS+ Device Management, and TrustSec Security Group Access.

Overview

  • ISE deployment options including node types, personas, and licensing
  • Install certificates into ISE using a Windows 2012 Certificate Authority (CA)
  • Configure the Local and Active Directory Based Identity Store and use of Identity Source Sequences
  • Configure AAA clients and network device groups
  • Implement Policy Sets to streamline Authentication and Authorization in the organization
  • Deploy EasyConnect as an alternative to 802.1X port based authentication
  • Implement 802.1X for wired and wireless networks using the AnyConnect 4.x NAM module, the latest dot1x commands on a catalyst switch, and version 7.4 of the vWLC
  • Configure policies to allow MAC Authentication Bypass (MAB) of endpoints
  • Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
  • Configure hotspot guest access, self-registration guest access, and sponsored guest access
  • Configure profiler services in ISE and use newer probes available in IOS switch code 15.x as well as vWLC 7.4 code
  • Work with Profiling feeds, logical profiles, and building profiling conditions to match network endpoints
  • Configure posture assessments using the new Cisco AnyConnect Secure Mobility 4.x posture module
  • Implement Threat Centric NAC using Cisco AMP for Endpoint and Adaptive Network Control (ANC)
  • Integrate the Cisco WSA with Cisco ISE using PxGrid technology to share contextual information about authenticated users
  • Configure Cisco ISE as a TACACS+ Server for Device Administration with Command Authorization
  • Configure Cisco ISE to integrate with a 5500-X ASA and a Catalyst Switch for TrustSec and implement end-to-end Security Group Tagging (SGT) and Security Group Access Control (SGACL)
  • Integrate Cisco ISE with MobileIron for Mobile Device Management MDM
  • Configure a high availability distributed deployment
  • Third Party Network Access Device Support
  • ?Maintenance, best practices, and logging?

Target Audience

  • Consulting systems engineers
  • Technical solutions architects
  • Integrators who install and implement the Cisco ISE version 2.1
  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE 2.1
  • ?Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product

Prerequisites

  • CCNA Security or equivalent level of experience with Cisco devices
  • Foundation-level wireless knowledge and skills
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X
  • Familiarity with Cisco ASA
  • ?Familiarity with Cisco AnyConnect Secure Mobility Client

Expected Duration

5 day

Course Objectives

1. Introducing Cisco ISE Architecture and Deployment

  • Using Cisco ISE as a Network Access Policy Engine
  • Cisco ISE Deployment Models

2. Cisco ISE Policy Enforcement

  • 802.1X and MAB Access: Wired and Wireless
  • Identity Management
  • Configure Certificate Services
  • Cisco ISE Policy
  • Configuring Cisco ISE Policy Sets
  • Implementing Third-Party Network Access Device Support
  • Cisco TrustSec
  • EasyConnect

3. Web Auth and Guest Services

  • Web Access with Cisco ISE
  • ISE Guest Access Components
  • Configuring Guest Access Settings
  • Configuring Portals: Sponsors and Guests

4. Cisco ISE Profiler

  • Cisco ISE Profiler
  • Configuring Cisco ISE Profiling

5. Cisco ISE BYOD

  • Cisco ISE BYOD Process
  • BYOD Flow
  • Configuring My Devices Portal Settings
  • Configuring Certificates in BYOD Scenarios

6. Cisco ISE Endpoint Compliance Services

  • Endpoint Compliance
  • Configuring Client Posture Services and Provisioning in Cisco ISE

7. Cisco ISE with AMP and VPN-Based Services

  • VPN Access Using Cisco ISE
  • Configuring Cisco AMP for ISE

8. Cisco ISE Integrated Solutions with APIs

  • Location-Based Authorization
  • Cisco ISE 2.x pxGrid

9. Working with Network Access Devices

  • Configuring TACACS+ for Cisco ISE Device Administration

10. Cisco ISE Design

  • Designing and Deployment Best Practices
  • Performing Cisco ISE Installation and Configuration Best Practices
  • Deploying Failover and High-Availability

11. Configuring Third-Party NAD Support

Labs

SUBSCRIPTION COST


$3,895.00

 

NEED HELP OR NOT SURE?