SISE: Implementing and Configuring Cisco Identity Services Engine v2.1

$3,795.00
$3,795.00
$3,795.00
$3,795.00
$3,795.00
$3,795.00
$3,795.00
Start Date Time Days Price GTR Availability
June 05, 2017 10:00 (EST) 5 $3,795.00 Register
July 10, 2017 10:00 (EST) 5 $3,795.00 Register
August 07, 2017 10:00 (EST) 5 $3,795.00 Register
September 11, 2017 10:00 (EST) 5 $3,795.00 Register
October 09, 2017 10:00 (EST) 5 $3,795.00 Register
November 06, 2017 10:00 (EST) 5 $3,795.00 Register
December 04, 2017 10:00 (EST) 5 $3,795.00 Register

Course Overview

Learn to install, configure, and deploy ISE with enhanced labs written for ISE version 2.1

Implementing and Configuring Cisco Identity Services Engine (SISE) v2.1 is a 5-day training program geared towards students who have no prior knowledge of ISE and 802.1X. The ISE product is Cisco’s flagship security product, intended to replace several major current products, including NAC Servers and Managers, NAC Profiler, Guest Server, Profiler, and the Cisco Secure Access Control Server (ACS). In this course with enhanced hands-on labs, you will cover the Cisco Identity Services Engine (ISE) version 2.1, a next generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management. You will gain the knowledge and skills needed to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE. You will learn how to perform a fundamental installation of ISE and how to configure identity-based networks using 802.1X for both wired and wireless clients, using a Windows 7 client. You will also learn to use many of the new features, including AnyConnect 3.1, EAP-FAST, PEAP, BYOD, and EAP Chaining. You’ll also see how the new Virtual Wireless Controller (vWLC) works to integrate with ISE along with advanced features within ISE.

 

Who Should Attend

  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE
  • Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product

 

Prerequisites

  • CCNA certification or equivalent level of experience configuring Cisco routers and switches
  • Basic knowledge of IOS commands
  • LAN security related concepts
  • 802.1X – Introduction to 802.1X Operations for Cisco Security Professionals

 

Course Objectives:

  • ISE deployment options including node types, personas, and licensing
  • Install certificates into ISE using a Windows 2008 certificate authority (CA)
  • Configure AAA clients and network device groups
  • Configure local and remote identity store and use of sequence lists
  • 802.1X for wired and wireless networks using the latest dot1x commands on a switch and version 7.3 of the vWLC:PEAP Authentication (GPO configuration)
  • EAP-FAST Authentication
  • Extensible authentication protocol (EAP) chaining
  • Service set identifier (SSID) matching in authorization policies
  • Configure authorization and authentication policies to allow MAC Authentication Bypass endpoints
  • Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
  • Configure sponsored guest access
  • Configure profiler services in ISE and use newer probes available in IOS switch code 15.x
  • Configure posture assessments using the Cisco next available agent (NAA) and offline updates in ISE
  • Configure web agent assessment for non-corporate assets
  • Bring your own device (BYOD) using single SSID and dual SSID modes
  • Maintenance, upgrading, and logging

 

Module 1: Cisco ISE Product

  • Cisco ISE
  • Cisco TrustSec
  • Cisco ISE Architecture
  • Cisco ISE Deployment Options
  • Getting Started with Cisco ISE Installing Cisco ISE
  • Network Time Protocol
  • Cisco ISE Certificates
  • Monitoring Basics
  • Configuring and Verifying Cisco ISE for Distributed Deployment

 

Module 2: Cisco ISE Authentication and Authorization

  • Configuring Basic Access
  • Network Access Device (NAD)
  • IEEE 802.1X Primer
  • Cisco Switch Configuration
  • Cisco WLC Configuration
  • Cisco ASA Appliance Configuration
  • Cisco ISE Authentication Process
  • Internal Databases
  • Simple Authentication
  • Rule-Based Authentication
  • Sessions in Cisco ISE
  • External Authentication
  • External Authentication Process
  • Active Directory
  • Lightweight Directory Access Protocol (LDAP)
  • RADIUS
  • Certificates
  • Identity Source Sequencing
  • Authentication Support and Performance
  • Using Cisco ISE Dictionaries
  • Cisco ISE Dictionaries
  • Read-Only Dictionaries
  • Administrable Dictionaries
  • RADIUS Vendor Dictionaries
  • Configuring Authorization
  • Authorization Policies and Components
  • Authorization Policy Configuration
  • Exception Policies

 

Module 3: Web Authentication and User Access Management

  • Implementing Web Authentication
  • Web Authentication
  • Configure Cisco ISE Web Authentication
  • Verifying Web Authentication
  • Implementing Guest Services
  • Guest Services
  • Preparing the Deployment
  • Configuring Sponsor Portal
  • Configuring Guest Portal
  • Creating Guest Accounts
  • Verifying Guest Accounts

 

Module 4: Cisco ISE Profiler, Posture, and Endpoint Protection Services

  • Implementing Cisco ISE Profiler Service
  • Profiler Service
  • Configuring Profiling on Cisco ISE
  • Verifying Profiling
  • Implementing Cisco ISE Posture Service
  • Posture Service
  • Configuring Cisco ISE for Client Provisioning
  • Adapting the Authorization Policy for Posture Compliance
  • Configuring the Posture System Settings
  • Configuring the Posture Policy
  • Verifying the Posture Service
  • Implementing Cisco ISE Endpoint Protection Services (EPS)EPS
  • Configuring EPS
  • Monitoring EPS
  • Implementing BYOD
  • BYOD
  • Designing BYOD
  • Dual SSID BYOD Design
  • Device Onboarding User Experience

 

Module 5: Reports, Monitoring, Troubleshooting, and Security

  • Implementing Inline Posture and TrustSec Security
  • Inline Posture
  • Security Group Access
  • MAC Security
  • Cisco ISE Architecture
  • Cisco ISE Deployment Types
  • Deploying Monitoring Personas
  • Preparing the Network Infrastructure
  • Performing Cisco ISE Administration and Maintenance
  • Role-Based Access Control
  • Cisco ISE Licensing
  • Backing Up and Restoring the System Configuration
  • Using Cisco ISE Reporting, Monitoring, and Troubleshooting
  • Cisco ISE Dashboard Monitoring
  • Implementing Logging
  • Managing Alarms
  • Cisco ISE Reports
  • Troubleshooting the Network
  • Backing Up and Restoring the Monitoring Database

 

Lab Outline

Lab 1: ISE Installation and Web Console Familiarization

Lab 2: Install a Certificate in ISE

Lab 3: Configure an ISE Distributed Deployment

Lab 4: Local and Remote Identity Stores using Active Directory and Sequence Lists

Lab 5: 802.1X: Examining and Configuring Supplicants

Lab 6: 802.1X: Wired Networks

Lab 7: 802.1X: MAR and EAP Chaining

Lab 8: 802.1X: Wireless Networks

Lab 9: 802.1X: MAC Authentication Bypass (MAB)

Lab 10: CWA for Wired and Wireless Networks and My Device Portal

Lab 11: Provide Guest Access Using Self-Registration

Lab 12: Configure Profiler Services

Lab 13: Configure Posture Services

Lab 14: Endpoint Protection Services

Lab 15: BYOD

Lab 16: Maintenance and Monitoring of ISE