In this course, you will learn about the Cisco Identity Services Engine (ISE) a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x and MAB. The training provides learners with the knowledge and skills to implement 802.1X and MAB for wired and wireless endpoints. The class focuses on configuring Network Access Devices (IOS switches, and Wireless Lan Controllers) with commands necessary for ISE integration. The class also covers configuration of endpoints to use the native Microsoft supplicant with PEAP and EAP-TLS, as well as the Cisco NAM supplicant with EAP-FAST. Time is taken to explore Microsoft Active Directory group policy for endpoint configuration, and to cover integration of an enterprise CA for certificate based authentication.
This course is an intensive hands-on experience. With enhanced hands-on labs, you will setup and patch an ISE node, and use and enterprise CA to configure certificate services for use in a distributed deployment. You will integrate ISE with Active Directory and configure Group Policy to automatically enroll endpoints with an enterprise CA for TLS based authentication. You will configure and test AAA and 802.1X on an IOS switch using classical commands to integrate with ISE. You will migrate and test an IOS switch configuration to use the new-mode IBNS 2.0 Cisco Common Classification Policy Language (C3PL). You will configure and test a Cisco Wireless LAN Controller (WLC) with advanced ISE features. The class also covers the new ISE 2.3 conditions studio and its use in Policy Sets for Authentication/Authorization rules, Profiling of endpoints on the network, and Device Administration using TACACS+.
Consulting systems engineers; Technical solutions architects; Integrators who install and implement the Cisco ISE version 2.3; End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE 2.3. Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product
After completing this course you should be able to:
Attendees should meet the following prerequisites:
Cisco ISE Architecture and Deployment
Cisco ISE Identity Management
Cisco ISE Policy Enforcement
Introducing Wired and Wireless 802.1X and MAB
Cisco ISE Profiler for Endpoint Discovery and Classification
Cisco ISE TACACS+ for wired and wireless Device Administration
If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost effective option.
Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.