Course Description
Implementing and Configuring Cisco Identity Services Engine (SISE v1.1) is a 5-day course based on Cisco Identity Services Engine (ISE) version 1.1.1, a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management, into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.
In addition to the normal content covered in the SISE v1.1 course, Skyline ATS has added several enhancements. Additional lecture material covering the Single & Dual Wireless SSID BYOD (Bring Your Own Device) configuration has been added to the course. Enhanced 'Real World' BYOD lab exercises using Mobile Devices (Apple iPads) has also been added. In addition to the BYOD enhancements, 'Real World' lab exercises covering MAB, 802.1x-Wired, 802.1 x-Wireless, Web Authentication, Posture Assessment, & Profiling are also included.
Agenda
Course Introduction
- Overview
- Course Goal and Objectives
- Course Flow
Module 1: Cisco ISE Product Overview
Lesson 1: Introducing the Cisco ISE
- Overview of Cisco TrustSec
- Overview of Cisco ISE
- Cisco ISE Architecture
- Cisco ISE Deployment Options
Lesson 2: Getting Started with Cisco ISE
- Installing Cisco ISE
- Network Time Protocol
- Cisco ISE Certificates
- Monitoring Basics
- Configuring and Verifying Cisco ISE for Distributed Deployment
Module 2: Cisco ISE Authentication and Authorization
Lesson 1: Configuring Basic Access
- NAD Overview
- IEEE 802.1X Primer
- Cisco Switch Configuration
- Cisco WLC Configuration
- Cisco ASA Appliance Configuration
- Cisco ISE Authentication Process
- Internal Databases
- Simple Authentication
- Rule-Based Authentication
- Sessions in Cisco ISE
Lesson 2: Understanding External Authentication
- External Authentication Process
- Active Directory
- Lightweight Directory Access Protocol
- RADIUS
- Certificates
- Identity Source Sequencing
- Authentication Support and Performance
Lesson 3: Using Cisco ISE Dictionaries
- Overview of Cisco ISE Dictionaries
- Read-Only Dictionaries
- Administrable Dictionaries
- RADIUS Vendor Dictionaries
Lesson 4: Configuring Authorization
- Authorization Policies and Components
- Authorization Policy Configuration
- Exception Policies
Module 3: Web Authentication and User Access Management
Lesson 1: Implementing Web Authentication
- Web Authentication Overview
- Configure Cisco ISE Web Authentication
- Verifying Web Authentication
Lesson 2: Implementing Guest Services
- Guest Services Overview
- Preparing the Deployment
- Configuring Sponsor Portal
- Configuring Guest Portal
- Creating Guest Accounts
- Verifying Guest Accounts
Module 4: Cisco ISE Profiler, Posture, and Endpoint Protection Services
Lesson 1: Implementing Cisco ISE Profiler Service
- Profiler Service Overview
- Configuring Profiling on Cisco ISE
- Verifying Profiling
Lesson 2: Implementing Cisco ISE Posture Service
- Posture Service Overview
- Configuring Cisco ISE for Client Provisioning
- Adapting the Authorization Policy for Posture Compliance
- Configuring the Posture System Settings
- Configuring the Posture Policy
- Verifying the Posture Service
Lesson 3: Implementing Cisco ISE Endpoint Protection Services
- EPS Overview
- Configuring EPS
- Monitoring EPS
Lesson 4: Implementing BYOD
- BYOD Overview
- Designing BYOD
- Dual SSID BYOD Design
- Device Onboarding User Experience
- Single SSID BYOD Configuration-Enhanced
- Dual SSID BYOD Configuration-Enhanced
Module 5: Reports, Monitoring, Troubleshooting, and Security
Lesson 1: Implementing Inline Posture and TrustSec Security
- Inline Posture
- Security Group Access
- MAC Security
Lesson 2: Describing the Cisco ISE Architecture
- Cisco ISE Deployment Types
- Deploying Monitoring Personas
- Preparing the Network Infrastructure
Lesson 3: Performing Cisco ISE Administration and Maintenance
- Role-Based Access Control
- Cisco ISE Licensing
- Backing Up and Restoring the System Configuration
Lesson 4: Using Cisco ISE Reporting, Monitoring, and Troubleshooting
- Cisco ISE Dashboard Monitoring
- Implementing Logging
- Managing Alarms
- Cisco ISE Reports
- Troubleshooting the Network
- Backing Up and Restoring the Monitoring Database
Lab Outline
Lab 1-1: Installing the Cisco ISE
Lab 1-2: Certificate Operations
Lab 1-3: Cisco ISE Node Deployment
Lab 1-4: GUI Orientation (Optional)
Lab 2-1: Configure and Add Network Access Devices to Cisco ISE
Lab 2-2: Configure External Identity Sources
Lab 2-3: Examine Cisco ISE Dictionaries
Lab 2-4: Basic Cisco ISE Policies
Lab 2-5: Configuring Multiple Cisco ISE Policies
Lab 3-1: Configuring Cisco ISE Guest Services
Lab 3-2: Guest Services Self-Registration
Lab 4-1: Configuring Cisco ISE for Profiling
Lab 4-2: Configuring Cisco ISE for Posture Assessment
Lab 4-3: Endpoint Protections Services
Lab 4-4: Configure Cisco ISE for Single SSID Wireless BYOD configuration
Lab 5-1: Logging Setup
Lab 5-2: Cisco ISE Reporting
Lab 5-3: Working with Cisco ISE Monitoring and Troubleshooting
Lab 5-4: Patching Cisco ISE
Lab 5-5: Admin Access (Optional)
Audience
The primary audience for this course is as follows:
- Employee
- Channel Partner or Reseller
- Customer