Implementing and Configuring Cisco Identity Services Engine

Duration: 
5 days
Codes: 
ICISE
Versions: 
NULL

Overview

This course is focused specifically on the Cisco Identity Services Engine (ISE), an identity and access control policy platform that provides a single policy plane across the entire organization, combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management, into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

This course is based on ISE v2.1. however all of the labs have ben updated to run on ISE v2.3 to ensure delegates get experience with the latest version of the product

Delegates will be expected to work in groups and share lab equipment, If you are attending virtually you may also be required to work in virtual breakout rooms. Extended hours may also be required to cover all of the content included in this class.

Audience

  • ISE Administrators/Engineers
  • Wireless Administrators/Engineers
  • Consulting Systems Engineers
  • Technical/Wireless/BYOD/Security Solutions Architects
  • ATP partner systems and field engineers
  • Systems integrators who install and implement the Cisco Identity Service Engine version 1.3

Skills Gained

After completing this course you should be able to:

  • Describe Cisco ISE architecture, installation and distributed deployment options
  • Configure Network Access Devices (NADs), policy components and basic authentication and authorization policies in Cisco ISE
  • Implement Cisco ISE web authentication and guest services
  • Deploy Cisco ISE profiling, posture and client provisioning services
  • Describe administration, monitoring, troubleshooting and TrustSec SGA security
  • Configure device administration using TACACS+ in Cisco ISE

Prerequisites

The knowledge and skills the student should have before attending this course are as follows:

  • CCNA or equivalent level of experience with Cisco infrastructures. The Course Interconnecting Cisco Network Devices Part 2 (ICND2) provides the prerequisite knowledge
  • CCNA Security or equivalent level of experience with Cisco infrastructures. The course Implementing Cisco Network Security v3.0 (IINS) provides the prerequisite knowledge
  • Familiarity with Microsoft Windows Administering Windows Server 2012 (20411) will provide the prerequisite knowledge
  • Familiarity with 802.1X. The course Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) provides the prerequisite knowledge

NOTE: This security course is subject to Cisco's DPL (Denied Parties List) policy as it includes an evaluation copy of AMP. All students are required to notify DDLS of their nominated citizenship no less than 5 days prior to course commencement. Email communication is sufficient; formal documentation is not required.

Course Outline

Module 1: Introducing Cisco ISE Architecture and Deployment

  • Security challenges
  • Cisco ISE solutions Use Cases
  • Secure Access Control
  • ISE function
  • ISE deployment components
  • Context visibility

Module 2: Cisco ISE Policy Enforcement

  • IEEE 802.1X primeer
  • MAC authentication bypass
  • 802.1X and MAB
  • Identity sources
  • Multi-AD overview and configuration
  • Lightweight directory access protocol
  • RADIUS
  • SAMLv2
  • Identity source sequence
  • Certification authority services
  • Authentication and authorization process
  • Exception policies and policy sets
  • Global vs local exception processing
  • Third-party NAD support
  • Cisco TrustSec
  • Easy connect

Module 3: Web Auth & Guest Services

  • Web authentication overview
  • Guest access services overview
  • Guest access settings
  • ISE sponsor components and configuration

Module 4: Cisco ISE Profiler

  • Profiler service and policies
  • NMAP scan action

Module 5: Cisco ISE BYOD

  • Problem and solutions
  • Design
  • Portal selection process
  • Device portal configuration
  • ISE CA server and local certificates

Module 6: Cisco ISE Endpoint Compliance Services

  • Posture service
  • Client provisioning
  • Posture general settings
  • Client provisioning portal and policy

Module 7: Cisco ISE with AMP and VPN-Based Services

  • AAA – external authentication
  • Cisco ASA for VPN authentication
  • Threat centric NAC

Module 8: Cisco ISE Integrated Solutions with APIs

  • Location-based authorization
  • pxGrid framework

Module 9: Working with Network Access Devices

  • TACACS+
  • Migrating Cisco ACS to ISE

Module 10: Cisco ISE Design (Self-Study)

  • ISE planning and Pre-deployment
  • ISE sizing and scaling practices
  • Deployment best practices
  • Web portals best practices
  • PSN HA or load sharing
  • Deploying monitoring personas
  • Network infrastructure preparation

Module 11: Configuring Thrid Party NAD Support (optional/Self-Study/Reference)

  • Third-party NAD support configuration

Labs:

  • Initial Configuration of Cisco ISE
  • Complete Cisco ISE GUI Setup
  • Integrate Cisco ISE with Active Directory
  • Integrating Cisco ISE with a second Microsoft Active Directory
  • Basic Policy Configuration
  • Configure Guest Access
  • Guest Access Operations
  • Guest Reports
  • Configuring Profiling
  • Customizing the Cisco ISE Profiling Configuration
  • ISE Profiling Reports
  • BYOD Configuration
  • Device Blacklisting
  • Compliance
  • Configuring Client Provisioning
  • Configuring Posture Policies
  • Testing and Monitoring Compliance Based Access
  • Compliance Policy Testing
  • MDM Integration with Cisco ISE
  • MDM Access and Configuration
  • Client Access with MDM
  • Using Cisco ISE for VPN Access
  • Configuring Backups and Patching
  • Configuring Administrative Access
  • Review of General Tools
  • Report Operations

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost effective option.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

Upcoming Dates

  • GREEN This class is Guaranteed To Run.
  • SPVC - Self-Paced Virtual Class.
  • Click a Date to Enroll.
Course Location Days Cost Date
Onsite
Onsite5 2500 £2500 2019-05-24