HBFITES Data Center, Collaboration, Security, Storage, Wireless, Telepresence Training +91-9886770046 info@hbfites.com

SISE v1.1 - Implementing and Configuring Cisco Identity Services Engine

Description

Implementing and Configuring Cisco Identity Services Engine (SISE v1.1) is a 5-day course based on Cisco Identity Services Engine (ISE) version 1.1.1, a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management, into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe Cisco ISE architecture, installation, and distributed deployment options
  • Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE
  • Implement Cisco ISE web authentication and guest services
  • Deploy Cisco ISE profiling, posture and client provisioning services
  • Describe administration, monitoring, troubleshooting, and TrustSec SGA security

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

  • CCNA Security certification
  • Foundation-level network knowledge and skills necessary to install, configure, operate, and troubleshoot network devices and applications
  • Foundation-level wireless knowledge and skills
  • Basic knowledge of Cisco IOS networking and concepts

Who Should Attend

The primary audience for this course is as follows:

  • Employee
  • Channel Partner or Reseller
  • Customer

Outline

Course Introduction

  • Overview
  • Course Goal and Objectives
  • Course Flow

Module 1: Cisco ISE Product Overview

Lesson 1: Introducing the Cisco ISE

      • Overview of Cisco TrustSec
      • Overview of Cisco ISE
      • Cisco ISE Architecture
      • Cisco ISE Deployment Options

Lesson 2: Getting Started with Cisco ISE

    • Installing Cisco ISE
    • Network Time Protocol
    • Cisco ISE Certificates
    • Monitoring Basics
    • Configuring and Verifying Cisco ISE for Distributed Deployment

Module 2: Cisco ISE Authentication and Authorization

Lesson 1: Configuring Basic Access

      • NAD Overview
      • IEEE 802.1X Primer
      • Cisco Switch Configuration
      • Cisco WLC Configuration
      • Cisco ASA Appliance Configuration
      • Cisco ISE Authentication Process
      • Internal Databases
      • Simple Authentication
      • Rule-Based Authentication
      • Sessions in Cisco ISE

Lesson 2: Understanding External Authentication

      • External Authentication Process
      • Active Directory
      • Lightweight Directory Access Protocol
      • RADIUS
      • Certificates
      • Identity Source Sequencing
      • Authentication Support and Performance

Lesson 3: Using Cisco ISE Dictionaries

      • Overview of Cisco ISE Dictionaries
      • Read-Only Dictionaries
      • Administrable Dictionaries
      • RADIUS Vendor Dictionaries

Lesson 4: Configuring Authorization

    • Authorization Policies and Components
    • Authorization Policy Configuration
    • Exception Policies

Module 3: Web Authentication and User Access Management

Lesson 1: Implementing Web Authentication

      • Web Authentication Overview
      • Configure Cisco ISE Web Authentication
      • Verifying Web Authentication

Lesson 2: Implementing Guest Services

    • Guest Services Overview
    • Preparing the Deployment
    • Configuring Sponsor Portal
    • Configuring Guest Portal
    • Creating Guest Accounts
    • Verifying Guest Accounts

Module 4: Cisco ISE Profiler, Posture, and Endpoint Protection Services

Lesson 1: Implementing Cisco ISE Profiler Service

      • Profiler Service Overview
      • Configuring Profiling on Cisco ISE
      • Verifying Profiling

Lesson 2: Implementing Cisco ISE Posture Service

      • Posture Service Overview
      • Configuring Cisco ISE for Client Provisioning
      • Adapting the Authorization Policy for Posture Compliance
      • Configuring the Posture System Settings
      • Configuring the Posture Policy
      • Verifying the Posture Service

Lesson 3: Implementing Cisco ISE Endpoint Protection Services

      • EPS Overview
      • Configuring EPS
      • Monitoring EPS

Lesson 4: Implementing BYOD

    • BYOD Overview
    • Designing BYOD
    • Dual SSID BYOD Design
    • Device Onboarding User Experience
    • Single SSID BYOD Configuration-Enhanced
    • Dual SSID BYOD Configuration-Enhanced

Module 5: Reports, Monitoring, Troubleshooting, and Security

Lesson 1: Implementing Inline Posture and TrustSec Security

      • Inline Posture
      • Security Group Access
      • MAC Security

Lesson 2: Describing the Cisco ISE Architecture

      • Cisco ISE Deployment Types
      • Deploying Monitoring Personas
      • Preparing the Network Infrastructure

Lesson 3: Performing Cisco ISE Administration and Maintenance

      • Role-Based Access Control
      • Cisco ISE Licensing
      • Backing Up and Restoring the System Configuration

Lesson 4: Using Cisco ISE Reporting, Monitoring, and Troubleshooting

    • Cisco ISE Dashboard Monitoring
    • Implementing Logging
    • Managing Alarms
    • Cisco ISE Reports
    • Troubleshooting the Network
    • Backing Up and Restoring the Monitoring Database

Lab Outline

      Lab 1-1: Completing the Initial Setup Configuration
      Lab 1-2: Certificate Operations
      Lab 1-3: Cisco ISE Node Deployment
      Lab 2-1: Configure and Add Network Access Devices to Cisco ISE
      Lab 2-2: Configure External Identity Sources
      Lab 2-3: Configuring Cisco ISE for MAC Authentication Bypass (MAB)
      Lab 2-4: Configuring Cisco ISE for Wired 802.1X Authentication
      Lab 2-5: Configuring Cisco ISE for Wireless 802.1X Authentication
      Lab 3-1: Configuring Cisco ISE for Web Authentication
      Lab 3-2: Configuring Cisco ISE Guest Services
      Lab 4-1: Configuring Cisco ISE for Profiling
      Lab 4-2: Configuring Cisco ISE for Posture Assessment
      Lab 4-3: Configuring Cisco ISE Endpoint Protection Services
      Lab 4-4: Configure Cisco ISE for Single SSID Wireless BYOD configuration
      Lab 5-1: Logging Setup
      Lab 5-2: Cisco ISE Reporting
      Lab 5-3: Working with Cisco ISE Monitoring and Troubleshooting