Implementing and Configuring Cisco Identity Services Engine (SISE)

Overview

This course discusses the Cisco Identity Services Engine, an identity and access control policy platform that provides a single policy plane across the entire organization, combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management, into a single context-aware identity-based platform. The training provides students with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints as well as enhance infrastructure security using the Cisco ISE. Special Note: Course kits are available in digital format only. The digital version is designed for online use only, not for printing.

Target Audience

The primary audience for this course is as follows:

  • ISE Administrators / Engineers
  • Wireless Administrators / Engineers
  • Consulting Systems Engineers
  • Technical / Wireless / BYOD / Security Solutions Architects
  • ATP partner systems and field engineers
  • Systems integrators who install and implement the Cisco Identity Service Engine v2.1

Prerequisites

It is recommended that students have the following prior to attending this course:

  • Familiarity with Cisco IOS CLI
  • Familiarity with Cisco ASA
  • Familiarity with Cisco VPN clients
  • Familiarity with MicroSoft Windows Operating Systems
  • Familiarity with 802.1x

Course Objectives

Upon successful completion of this course, students should be able to meet these overall objectives:

  • Describe Cisco ISE architecture, installation, and distributed deployment options
  • Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE
  • Implement Cisco ISE web authentication and guest services
  • Deploy Cisco ISE profiling, posture, and client provisioning services
  • Describe administration, monitoring, troubleshooting, and TrustSec SGA security
  • Configure device administration using TACACS+ in Cisco ISE

Course Outline

Module 1: Introducing Cisco ISE Architecture and Deployment

  • Lesson 1: Using Cisco ISE as a Network Access Policy Engine
  • Lesson 2: Introducing Cisco ISE Deployment Models

Module 2: Cisco ISE Policy Enforcement
  • Lesson 1: Introducing 802.1x and MAB Access: Wired and Wireless
  • Lesson 2: Introducing Identity Management
  • Lesson 3: Configuring Certificate Services 
  • Lesson 4: Introducing Cisco ISE Policy
  • Lesson 5: Configuring Cisco ISE Policy Sets 
  • Lesson 6: Implementing Third-Party 
  • Lesson 7: Introducing Cisco TrustSec 
  • Lesson 8: Introducing EasyConnect

Module 3: Web Authentication and Guest Services
  • Lesson 1: Introducing Web Access with Cisco ISE
  • Lesson 2: Introducing ISE Guest Access Components
  • Lesson 3: Configuring Guest Access Settings
  • Lesson 4: Configuring Portals: Sponsors and Guests

Module 4: Cisco ISE Profiler
  • Lesson 1: Introducing Cisco ISE Profiler
  • Lesson 2: Configuring Cisco ISE Profiling

Module 5: Cisco ISE BYOD
  • Lesson 1: Introducing the Cisco ISE BYOD Process
  • Lesson 2: Describing BYOD Flow
  • Lesson 3: Configuring My Devices Portal Settings
  • Lesson 4: Configuring Certificates in BYOD Scenarios

Module 6: Cisco ISE Endpoint Compliance Services
  • Lesson 1: Introducing Endpoint Compliance
  • Lesson 2: Configuring Client Posture Services and Provisioning in Cisco ISE

Module 7: Cisco ISE with AMP and VPN-Based Services
  • Lesson 1: Introducing VPN Access Using Cisco ISE
  • Lesson 2: Configuring Cisco AMP for ISE

Module 8: Cisco ISE Integrated Solutions with APIs
  • Lesson 1: Introducing Location-Based Authorization
  • Lesson 2: Introducing Cisco ISE 2.x pxGrid

Module 9: Working with Network Access Devices
  • Lesson 1: Configuring TACACS+ for Cisco ISE Device Administration

Module 10: Cisco ISE Design
  • Lesson 1: Designing and Deployment Best Practices
  • Lesson 2: Performing Cisco ISE Installation and Configuration Best Practices
  • Lesson 3: Deploying Failover and High-Availability

Module 11: Configuring Third Party NAD Support
  • Lesson 1: Configuring Third-Party NAD Support

Lab Outline
  • Lab 1: Configure Initial Cisco ISE setup, GUI familiarization, system certificate usage
  • Lab 2: Integrate Cisco ISE with Active Directory
  • Lab 3: Configure Basic Policy on Cisco ISE
  • Lab 4: Configure Conversion to Policy Sets
  • Lab 5: Configure Access Policy for Easy Connect
  • Lab 6: Configure Guest Access
  • Lab 7: Configure Guest Access Operations
  • Lab 8: Create Guest Reports
  • Lab 9: Configure Profiling
  • Lab 10: Customize the Cisco ISE Profiling Configuration
  • Lab 11: Create Cisco ISE Profiling Reports
  • Lab 12: Configure BYOD
  • Lab 13: Blacklisting a Device
  • Lab 14: Configure Compliance Services on Cisco ISE
  • Lab 15: Configure Client Provisioning
  • Lab 16: Configure Posture Policies
  • Lab 17: Test and Monitor Compliance Based Access
  • Lab 18: Test Compliance Policy
  • Lab 19: Configure Cisco ISE for VPN Access
  • Lab 20: Configure Threat-Centric NAC using Cisco AMP
  • Lab 21: Configure Cisco ISE pxGrid and Cisco WSA Integration
  • Lab 22: Configure Cisco ISE for Basic Device Administration
  • Lab 23: Configure TACACS+ Command Authorization

SLI Main Menu