Course Description
This is a five day course based on Cisco Identity Services Engine
(ISE) version 1.1.1, a next-generation identity and access control
policy platform that provides a single policy plane across the entire
organization combining multiple services, including authentication,
authorization, and accounting (AAA), posture, profiling, device
on-boarding, and guest management, into a single context-aware
identity-based platform. The training provides students with the
knowledge and skills to enforce security posture compliance for wired
and wireless endpoints and enhance infrastructure security using the
Cisco ISE.
Special note
This course updates and replaces ISE v1.0.
Prerequisites
It is recommended that students have the following prior to attending this course:
- CCNA Security Certification
- Foundation-level network knowledge and skills necessary to install,
configure, operate, and troubleshoot network devices and applications
- Foundation-level wireless knowledge and skills
- Basic knowledge of Cisco IOS networking concepts
Audience
The primary audience for this course is as follows:
- Cisco Channel Parnter SEs and FEs
- Field engineers, network administrators, and consulting systems
engineers who implement and maintain the Cisco ISE in enterprise
networks
- Security architects, design engineers, network designers, and others seeking hands-on experience with the Cisco ISE
Skills taught
Upon successful completion of this course, students should be able to meet these overall objectives:
- Describe Cisco ISE architecture, installation, and distributed deployment options
- Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE
- Implement Cisco ISE web authentication and guest services
- Deploy Cisco ISE profiling, posture, and client provisioning services
- Describe administration, monitoring, troubleshooting, and TrustSec SGA security
Implementing and Configuring Cisco Identity Services Engine v1.x (SISE)
Module 1: Cisco ISE Product Overview
- Lesson 1: Introducing the Cisco ISE
- Lesson 2: Getting Started with Cisco ISE
Module 2: Cisco ISE Authentication and Authorization
- Lesson 1: Configuring Basic Access
- Lesson 2: Understanding External Authentication
- Lesson 3: Using Cisco ISE Dictionaries
- Lesson 4: Configuring Authorization
Module 3: Web Authentication and User Access Management
- Lesson 1: Implementing Web Authentication
- Lesson 2: Implementing Guest Services
Module 4: Cisco ISE Profiler, Posture, and Endpoint Protection Services
- Lesson 1: Implementing Cisco ISE Profiler Service
- Lesson 2: Implementing Cisco ISE Posture Service
- Lesson 3: Implementing Cisco ISE Endpoint Protection Services
- Lesson 4: Implementing BYOD
Module 5: Reports, Monitoring, Troubleshooting, and Security
- Lesson 1: Implementing Inline Posture and TrustSec Security
- Lesson 2: Describing the Cisco ISE Architecture
- Lesson 3: Performing Cisco ISE Administration and Maintenance
- Lesson 4: Using Cisco ISE Reporting, Monitoring, and Troubleshooting
Lab Outline
- Lab 1-1: Installing the Cisco ISE
- Lab 1-2: Certificate Operations
- Lab 1-3: Cisco ISE Node Deployment
- Lab 2-1: Configure and Add Network Access Devices to Cisco ISE
- Lab 2-2: Configure External Identity Sources
- Lab 2-3: Examine Cisco ISE Dictionaries
- Lab 2-4: Basic Cisco ISE Policies
- Lab 2-5: Configuring Multiple Cisco ISE Policies
- Lab 3-1: Configuring Cisco ISE Guest Services
- Lab 3-2: Guest Services Self-Registration
- Lab 4-1: Configuring Cisco ISE for Profiling
- Lab 4-2: Configuring Cisco ISE for Posture Assessment
- Lab 4-3: Endpoint Protections Services
- Lab 4-4: BYOD
- Lab 5-1: Logging Setup
- Lab 5-2: Cisco ISE Reporting
- Lab 5-3: Working with Cisco ISE Monitoring and Troubleshooting
- Lab 5-4: Patching Cisco ISE
- Lab A-1: GUI Orientation
- Lab A-2: Admin Access