United States [
ISE - Implementing Cisco Identity Services Engine Secure Solutions v1.0
Learn to install, configure, and deploy Cisco Identity Services Engine.
This course is not currently offered by Global Knowledge. Information here is provided for reference only.
This course is specifically designed for ATP certification, for end user product training please see SISE 1.1.
In this course, you will learn how to install, configure, and implement Cisco Identity Services Engine (ISE), a new flagship security product. This course is designed for Cisco's Authorized Technology Provider (ATP) Program, part of the Cisco Channel Partner Program, and is required to fulfill the ATP requirement for ISE certification.
The Cisco ISE platform takes the place of the Cisco Secure Access Control System (ACS) and Network Admission Control (NAC) servers that are typically used in identity-based networks.
Through our enhanced hands-on labs, you will learn how to perform a fundamental installation of ISE and how to configure identity-based networks with 802.1X for both wired and wireless clients using Windows 7. You will be using the latest version of ISE 1.1 and have access to the Cisco 2504 Wireless LAN Controller running software code 7.2, providing features the old version does not.
A Global Knowledge Exclusive: Bonus Lab Credits
You'll receive five extra security e-Lab credits (good for 30 days) to review topics after class, refine your skills, or get in extra practice in lab activities to complete your training.
What You'll Learn
- ISE deployment options, including node types and personas
- Install a certificate into ISE using a Windows 2008 certificate authority
- Configure authentication, authorization, and accounting (AAA) clients and network device groups
- Configure local and remote identity store
- Use sequence lists
- 802.1X for wired and wireless networks using the latest dot1x commands on a switch and version 7.2 of the wireless LAN controller (WLC)
- Configure authorization and authentication policies to allow MAC authentication bypass (MAB) to function for Cisco IP phones
- Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
- Configure sponsored guest access
- Configure profiler services in ISE and use newer probes available in switch code 15.x
- Configure posture assessments using Cisco next available agent (NAA) and offline updates in ISE
- Configure web agent assessment for non-corporate assets
Who Needs to Attend
- Cisco channel partners and field engineers
- End users desiring the knowledge to install, configure, and deploy Cisco ISE (Note: This course is designed for the ATP certification program for Cisco channel partners. Although end users will benefit from the course, there will be ATP related information reflected in the course such as licensing and licensing costs.)
Prerequisites
- CCNA - Cisco Certified Network Associate or equivalent experience with configuring Cisco routers and switches
Follow-On Courses
There are no follow-ons for this course.
Course Outline
1. TrustSec 2.0 Solution and ISE Platform Architecture
- Cisco Borderless Network Architecture
- Cisco ISE
- Cisco ISE Software Architecture
2. Cisco Identity Services Engine Deployment
-
Installing the Cisco ISE Software
- Cisco ISE Software GUI
- Installing the Cisco ISE Software on a Server
- Installing the Cisco ISE Software on an ISE Appliance
- Installing the Cisco ISE Software on a Virtual Machine
- Configuring Post-Install Tasks
-
Integrating Cisco ISE into Microsoft Active Directory
- Microsoft Active Directory
- Configuring Cisco ISE for Active Directory Integration
- Verifying Proper Cisco ISE Operation with Active Directory
-
Configuring Cisco ISE for High Availability
- Configuring Supported High-Availability Deployment Options
- Configuring High Availability
3. Classification and Policy Enforcement
-
Using Cisco ISE for Policy Enforcement
- Policy Enforcement on Cisco ISE
- Configuring Cisco ISE for Policy Enforcement
- Verifying Policy Enforcement for Cisco ISE
-
Configuring Cisco ISE for MAB
- MAC Authentication Bypass
- Creating Network Infrastructure Configuration for MAB
- Configuring Cisco ISE for MAB
- Configuring Cisco ISE for Whitelists
- Verifying MAB Operation on Cisco ISE
-
Configuring Cisco ISE for Wired and Wireless 802.1X Authentication
- 802.1X Authentication
- Configuring a Windows Client for 802.1X Authentication
- Configuring Cisco ISE for Wired 802.1X Authentication
- Configuring Cisco ISE for Wireless 802.1X Authentication
- Verifying 802.1X Authentication
-
Deploying VPN-Based Services Using the Cisco ASA and Inline Posture
- Inline Posture
- Configuring Inline Posture for Router Mode
- Configuring Inline Posture for High Availability
- Configuring Inline Posture for Authorization Profiles and Policies
- Verifying Inline Posture Operation
- Configuring Web Authentication Using Cisco ISE
- Configuring Web Authentication Using Cisco ISE
- Verifying Web Authentication
4. Guest, Profiler, and Posture Service Configuration
- Cisco ISE Guest Service
- Sponsor Access Policies
- Configuring Guest Settings
- Cisco ISE Profiler Service
- Configuring Profiling on Cisco ISE
- Verifying Profiling on Cisco ISE
- Cisco ISE Posture Service
- Configuring Cisco ISE for Client Provisioning
- Configuring an Authorization Policy for Client Provisioning and Posture Compliance
- Configuring the Posture Subscription and Policy
- Verifying the Posture Service
5. Designing the Cisco TrustSec 2.0 Architecture Design for the ISE Appliance
-
Designing the Cisco TrustSec 2.0 Solution Architecture for the ISE
Appliance
- High-Level Design (HLD) Guidance
- HLD Case Studies: Small and Midsized Corporations
- Low-Level Design (LLD) Guidance
- LLD Case Study: New York State Hospital
Appendix A: Selecting Cisco TrustSec 2.0 Infrastructure Hardware and the ISE Appliance
- Cisco TrustSec 2.0 Switching Infrastructure Hardware
- Cisco TrustSec 2.0 WLC Hardware
- Cisco TrustSec 2.0 ISE Hardware
Appendix B: Cisco TrustSec Fundamentals
- Key Cisco TrustSec Functions
- Security Group Access Solution
