HBFITES Data Center, Collaboration, Security, Storage, Wireless, Telepresence Training +91-9886770046 info@hbfites.com

SWISE v1.0 - Implementing Cisco Identity Services Engine for Wireless Engineers

Description

 

The Implementing Cisco Identity Services Engine for Wireless Engineers (SWISE) version 1.0 course is a 2-day Instructor-led Training course. Cisco Identity Services Engine (ISE) combined with the Cisco Wireless LAN Controller (WLC), access point (AP), and end devices provide the comprehensive Cisco ISE deployment capabilities and solution into one system. This training course will enable Cisco end customers and authorized Cisco System Engineers (SEs) to understand the concepts, architecture, and use cases that are related to the Cisco ISE. This course will also prepare learners to implement basic Cisco ISE solutions. The focus is to ensure that students can implement the core features of Cisco ISE that most implementations require. Students should already be familiar with basic Cisco WLC and AP configuration.

Objectives

 

After completing this course the student should be able to:

  • Describe the business drivers, architecture, components, and scalability factors related to typical Cisco ISE deployment
  • Provision secure network access by configuring AAA services and common CoA options
  • Configure profiling processes, components, options, and best practices
  • Provision a guest user access solution and the different options that are available
  • Describe and implement a BYOD solution, with a focus on configuring BYOD using a single SSID
  • Integrate Cisco ISE with a partner MDM solution
  • Use Cisco ISE tools to gather useful information related to historical trending and to troubleshoot

Prerequisites

 

  • Preferred Advanced Wireless specialized partner or Gold partner
  • Knowledge of basic 802.1X (It is recommended that the student take the free 802.1X E-learning on PEC before attending this training.)
  • Basic understanding of Microsoft Active Directory or LDAP
  • CCNA-level route and switch knowledge

Who Should Attend

 

The primary audience for this course is as follows:

  • Wireless SEs

The secondary audience for this course is as follows:

  • SEs who work in security and manage corporate security policies

Outline

 

Lesson 1: Introducing Cisco ISE

  • Describe the issues that corporations face in supporting new paradigms of network access and how Cisco ISE can ease these pressures and help resolve these issues
  • Describe the Cisco ISE architecture and components
  • Describe the different Cisco ISE nodes and personas
  • Describe and compare the products that are used to run Cisco ISE
  • Describe the different Cisco ISE deployment options
  • Explain the Cisco ISE licensing options and considerations

Lesson 2: Provisioning Secure Access

  • Describe authentication services that are available to Cisco ISE
  • Describe the process that Cisco ISE uses to validate credentials from different identity sources
  • Configure authentication identity sources and policies
  • Describe Cisco ISE authorization policies and their components
  • Configure authorization components and policies
  • Define and understand CoA and review common permission elements, including dACLs, named ACLs, VLANs, and SGT

Lesson 3: Configuring Profiling

  • Describe the functions and purpose of profiling on the Cisco ISE platform
  • List the profiler probes and discuss the attributes that are associated with these probes
  • Describe and configure profiler policies
  • Configure profiling on the Cisco ISE platform
  • Verify profiling operation on the Cisco ISE platform
  • List the best practices for configuring profiling on the Cisco ISE platform

Lesson 4: Providing Guest Access

  • Describe the concept of guest web access
  • Configure the components of a CWA-based guest access solution including redirection for both wired and wireless access
  • Describe guest accounts, roles, and data stores
  • Define the functionality that is provided by the Cisco ISE portals that are used for guest access
  • Configure support for guest reporting
  • Discuss best practices as relates to Cisco ISE guest services

Lesson 5: Implementing BYOD

  • Define BYOD, explain the advantages of a Cisco BYOD solution, and describe BYOD components
  • Describe common BYOD use cases and explain how they apply to various corporate security policy needs
  • Describe BYOD deployment and configuration options authorization policy for BYOD deployments

Lesson 6: Exploring MDM Integration

  • Define the MDM integration process in Cisco ISE and add an MDM Server
  • Define MDM supported attributes
  • Examine an MDM configuration

Lesson 7: Monitoring and Troubleshooting Cisco ISE Security Solutions

  • Use the Cisco ISE dashboard
  • Navigate Cisco ISE alarm and logging features to assist in diagnosing problems
  • Use the Live Authentications log feature of Cisco ISE
  • Use the Global Search and Session Trace features of Cisco ISE
  • Use the TCP Dump feature of Cisco ISE
  • Use the Evaluate Configuration Validator tool

Appendix A: Introducing Posture Assessment

  • Define posturing, describe its major components, and explain the posturing flow
  • Explain typical posture example configurations to describe the configuration process
  • Describe and configure posture system settings
  • Describe posture policy logic and verify policy configuration

Lab Outline

  • Lab 2-1: Basic Authentication and Authorization
  • Lab 3-1: Configuring and Validating Cisco ISE Profiling
  • Lab 4-1: Configuring Cisco ISE Guest Services
  • Lab 5-1: BYOD On-Boarding using a Single SSID
  • Lab 5-2: Testing On-Boarding
  • Lab 7-1: Monitoring and Troubleshooting Cisco ISE (Optional)