Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE)

Introduction:

Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE) Course Hands-on

Learn to install, configure, and deploy ISE with enhanced labs written for ISE v2.1 with this Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE)

In this Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE) course, you will learn about the Cisco Identity Services Engine (ISE)—a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x, MAB, web authentication, posture, profiling, device on-boarding, guest services, and VPN access into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

This Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE) course is an intensive hands-on experience. With enhanced hands-on labs, you will cover all facets of Cisco ISE version 2.1. With Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE), you will also learn how to configure fundamental elements of ISE and how to secure identity-based networks using 802.1X for both wired and wireless clients, using Windows 8 and Apple iPad endpoints. You will integrate the Cisco Virtual Wireless LAN Controller (vWLC) with advanced ISE features. You will also learn to use the following advanced features of Cisco ISE: Active Directory Integration, Policy Sets, EasyConnect, EAP-FAST with EAP Chaining, BYOD, AnyConnect 4.x Posture Module for LAN and VPN compliance, Threat Centric NAC using AMP, PxGrid, TACACS+ Device Management, and TrustSec Security Group Access.

Customize It!

● We can adapt this course to your group’s background and work requirements at little to no added cost.
● If you are familiar with some aspects of this Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE) course, we can omit or shorten their discussion.
● We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
● If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in manner understandable to lay audiences.

Audience / Target Group

• ISE Administrators/Engineers
• Wireless Administrators/Engineers
• Consulting Systems Engineers
• Technical/Wireless/BYOD/Security Solutions Architects
• ATP partner systems and field engineers
• Systems integrators who install and implement the Cisco Identity Service Engine version 2.1

Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE) Related Courses

Duration: 5 days

Prerequisites:

• CCNA or equivalent level of experience with Cisco infrastructures. The Course Interconnecting Cisco Network Devices Part 2 (ICND2) provides the prerequisite knowledge
• CCNA Security or equivalent level of experience with Cisco infrastructures. The course Implementing Cisco Network Security v3.0 (IINS) provides the prerequisite knowledge
• Familiarity with Microsoft Windows Administering Windows Server 2012 (20411) will provide the prerequisite knowledge
• Familiarity with 802.1X. The course Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) provides the prerequisite knowledge

Objectives:

After completing this Implementing and Configuring Cisco Identity Services Engine Training v2.1 (SISE) course, attendees will be able to:

• ISE deployment options including node types, personas, and licensing
• Install certificates into ISE using a Windows 2012 Certificate Authority (CA)
• Configure the Local and Active Directory Based Identity Store and use of Identity Source Sequences
• Configure AAA clients and network device groups
• Implement Policy Sets to streamline Authentication and Authorization in the organization
• Deploy EasyConnect as an alternative to 802.1X port based authentication
• Implement 802.1X for wired and wireless networks using the AnyConnect 4.x NAM module, the latest dot1x commands on a catalyst switch, and version 7.4 of the vWLC
• Configure policies to allow MAC Authentication Bypass (MAB) of endpoints
• Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
• Configure hotspot guest access, self-registration guest access, and sponsored guest access
• Configure profiler services in ISE and use newer probes available in IOS switch code 15.x as well as vWLC 7.4 code
• Work with Profiling feeds, logical profiles, and building profiling conditions to match network endpoints
• Configure posture assessments using the new Cisco AnyConnect Secure Mobility 4.x posture module
• Implement Threat Centric NAC using Cisco AMP for Endpoint and Adaptive Network Control (ANC)
• Integrate the Cisco WSA with Cisco ISE using PxGrid technology to share contextual information about authenticated users
• Configure Cisco ISE as a TACACS+ Server for Device Administration with Command Authorization
• Configure Cisco ISE to integrate with a 5500-X ASA and a Catalyst Switch for TrustSec and implement end-to-end • Security Group Tagging (SGT) and Security Group Access Control (SGACL)
• Integrate Cisco ISE with MobileIron for Mobile Device Management MDM
• Configure a high availability distributed deployment
• Third Party Network Access Device Support
• ​Maintenance, best practices, and logging

Course Content:

Module 1: Introducing Cisco ISE Architecture and Deployment

Security challenges
Cisco ISE solutions Use Cases
Guest use
BYOD
Profiling
Compliance
Security group access
Secure Access Control
ISE function
ISE deployment components
Admin node
Policy service node
Monitoring node
pxGrid Services
Policy synchronization
Deployment options
Context visibility
Benefits
Wizard
Streamline wizard

Module 2: Cisco ISE Policy Enforcement

IEEE 802.1X primeer
MAC authentication bypass
802.1X and MAB
Identity sources
Multi-AD overview and configuration
Lightweight directory access protocol
RADIUS
SAMLv2
Identity source sequence
Certification authority services
Authentication and authorization process
Exception policies and policy sets
Global vs local exception processing
Third-party NAD support
Cisco TrustSec
Easy connect
Overview
Modes and flows
Configuration

Module 3: Web Auth & Guest Services

Web authentication overview
Guest access services overview
Guest access settings
ISE sponsor components and configuration

Module 4: Cisco ISE Profiler

Profiler service and policies
Configure
Prepare
Enable
Probe configuration
Feed service
Settings
Profiling parameters
NMAP scan action

Module 5: Cisco ISE BYOD

Problem and solutions
Design
Portal selection process
Device portal configuration
ISE CA server and local certificates

Module 6: Cisco ISE Endpoint Compliance Services

Posture service
Conditions
Compliance module
Flow
Agents
Deployment and licensing
Client provisioning
Posture general settings
Client provisioning portal and policy

Module 7: Cisco ISE with AMP and VPN-Based Services

AAA – external authentication
Cisco ASA for VPN authentication
Threat centric NAC

Module 8: Cisco ISE Integrated Solutions with APIs

Location-based authorization
pxGrid framework

Module 9: Working with Network Access Devices

TACACS+
Device administration
Configuration
Guidelines
Best practices
Migrating Cisco ACS to ISE
Module 10: Cisco ISE Design (Self-Study)
ISE planning and Pre-deployment
ISE sizing and scaling practices
Deployment best practices
Web portals best practices
PSN HA or load sharing
Deploying monitoring personas
Network infrastructure preparation
Module 11: Configuring Thrid Party NAD Support (optional/Self-Study/Reference)
Third-party NAD support configuration

Labs:

Initial Configuration of Cisco ISE
Complete Cisco ISE GUI Setup
Integrate Cisco ISE with Active Directory
Integrating Cisco ISE with a second Microsoft Active Directory
Basic Policy Configuration
Configure Guest Access
Guest Access Operations
Guest Reports
Configuring Profiling
Customizing the Cisco ISE Profiling Configuration
ISE Profiling Reports
BYOD Configuration
Device Blacklisting
Compliance
Configuring Client Provisioning
Configuring Posture Policies
Testing and Monitoring Compliance Based Access
Compliance Policy Testing
MDM Integration with Cisco ISE
MDM Access and Configuration
Client Access with MDM
Using Cisco ISE for VPN Access
Configuring Backups and Patching
Configuring Administrative Access
Review of General Tools
Report Operations
Classroom Training
Duration 5 days
Price
United States: US$ 3,995
Cisco Learning Credits: 40 CLC
Enroll now
Online Training
Duration 5 days
Price
United States: US$ 3,995
Cisco Learning Credits: 40 CLC
Enroll now

Request More Information

Time Frame: 0-3 Months4-12 Months

No Comments Yet.

Leave a comment