Implementing Cisco Identity Services Engine for Wireless Engineers

Duration: 
2 days
Codes: 
CI-SWISE,SWISE
Versions: 
NULL

Overview

This course has been designed to enable wireless engineers understand the concepts, architecture, and use cases of the Cisco Identity Services Engine Solution.This course provides students with the knowledge and skills required to implement a basic Cisco ISE solution. The focus is on ensuring that students can implement the core features required in most Identity Services Engine Solution deployments. Students should already be familiar with basic Cisco Wireless LAN Controller and Access Point configuration.

This course is on ISE 1.2

Audience

Wireless Engineers new to deploying Cisco's Identity Services Engine Solutions.

Skills Gained

After attending this course you should be able to:

  • Describe the business drivers, architecture, components, and scalability factors related to typical Cisco ISE deployment
  • Provision secure network access by configuring AAA services and common CoA options
  • Configure profiling processes, components, options, and best practices
  • Provision a guest user access solution and the different options that are available
  • Describe and implement a BYOD solution, with a focus on configuring BYOD using a single SSID
  • Integrate Cisco ISE with a partner MDM solution
  • Use Cisco ISE tools to gather useful information related to historical trending and to troubleshoot

Prerequisites

Attendees should meet the following prerequisites.

  • Knowledge of basic 802.1X (It is recommended that the student take the free 802.1X E-learning on PEC before attending this training.)
  • Basic understanding of Microsoft Active Directory or LDAP
  • CCNA-level route and switch knowledge - ICND1 and ICND2 or CCNABC

Course Outline

This course provides students with the knowledge and skills required to implement a basic Cisco ISE solution. The focus is on ensuring that students can implement the core features required in most Identity Services Engine Solution deployments. Students should already be familiar with basic Cisco Wireless LAN Controller and Access Point configuration.

This course is on ISE 1.2 Introduction to Cisco ISE

  • Business Benefits of ISE
  • ISE Architecture and Components
  • ISE Nodes and Personas
  • Different ISE Deployment Options
  • ISE Licensing Options and Considerations
  • Provisioning Secure Access
  • Authentication Services available with ISE
  • Validating Credentials from Different Identity Sources.
  • Configuring Authentication Identity Sources and Policies
  • ISE Authorization Policies and their Components
  • Configuring Authorization Components and Policies
  • Define and Understand CoA and review common permission elements, including dACLs, named ACLs, VLANs, and SGT
  • Configuring Profiling
  • Functions and Purpose of Profiling
  • Profiler Probes and Attributes associated with these Probes
  • Configuring Profiler Policies
  • Verifying Profiler Operation
  • Best practices for Configuring Profiling
  • Providing Guest Access
  • Concept of Guest Web Access
  • Configuring the Components of a CWA-based Guest Access Solution
  • Guest Accounts, Roles, and Data stores
  • Functionality of ISE Portals used for Guest Access
  • Configuring Support for Guest Reporting
  • Best Practices for ISE Guest Services
  • Implementing BYOD
  • Overview of BYOD Components
  • Advantages of a BYOD Solution
  • Common BYOD Use Cases
  • BYOD Deployment and Configuration Options
  • BYOD Flow and On-Boarding Process when a Single SSID is used
  • Implementing an Authentication Policy for BYOD Deployments
  • Implementing an Authorization Policy for BYOD Deployments
  • Exploring MDM Integration
  • MDM Integration Processes
  • Adding an MDM Server
  • MDM Supported Attributes
  • MDM Configuration
  • Monitoring and Troubleshooting Cisco ISE Security Solutions
  • ISE Dashboard
  • Navigate ISE Alarm and Logging Features to assist in Diagnosing Problems
  • Using the Live Authentications Log feature of Cisco ISE
  • Use the Global Search and Session Trace features of Cisco ISE
  • Use the TCP Dump feature of Cisco ISE
  • Use the Evaluate Configuration Validator tool
  • Labs
  • Lab 2-1: Basic Authentication and Authorization
  • Lab 3-1: Configuring and Validating Cisco ISE Profiling
  • Lab 4-1: Configuring Cisco ISE Guest Services
  • Lab 5-1: BYOD On-Boarding using a Single SSID
  • Lab 5-2: Testing On-Boarding
  • Lab 7-1: Monitoring and Troubleshooting Cisco ISE (Optional)

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. It's a cost effective option.

Submit an enquiry from any page on this site, and let us know you are interested in the requirements box, or simply mention it when we contact you.

Upcoming Dates

  • GREEN This class is Guaranteed To Run.
  • SPVC - Self-Paced Virtual Class.
  • Click a Date to Enroll.
Course Location Days Cost Date
Onsite
Onsite2 1000 £1000 2019-07-22