Live Chat
Monday - Friday 8am - 6pm EST Chat Now
Contact Us
Monday - Friday 8am - 8pm EST 1-866-716-6688 Other Contact Options
Checkout

Cart () Loading...

    • Quantity:
    • Delivery:
    • Dates:
    • Location:

    $

SISE - Implementing and Configuring Cisco Identity Services Engine v2.3

Updated – Learn to install, configure, and deploy ISE with enhanced labs written for ISE version 2.3

GK# 6977

Course Overview

TOP
This course includes Cisco Training Exclusives

EXCLUSIVE TO GLOBAL KNOWLEDGE - Accelerate your Cisco learning experience with complimentary access to the IT Skills Video On-Demand Library, Introduction to Cybersecurity digital learning course, course recordings, IT Resource Library, and digital courseware.

Learn more

In this course, you will learn about the Cisco Identity Services Engine (ISE)—a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x, MAB, web authentication, posture, profiling, device on-boarding, guest services, and VPN access into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

This course is an intensive hands-on experience. With enhanced hands-on labs, you will cover all facets of Cisco ISE version 2.3. You will learn how to configure fundamental elements of ISE and how to secure identity-based networks using 802.1X for both wired and wireless clients, using Windows 8 and Apple iPad endpoints. You will integrate the Cisco Virtual Wireless LAN Controller (vWLC) with advanced ISE features. You will also learn to use the following advanced features of Cisco ISE: Active Directory Integration, Policy Sets, EasyConnect, EAP-FAST with EAP Chaining, BYOD, AnyConnect 4.x Posture Module for LAN and VPN compliance, Threat Centric NAC using AMP, PxGrid, TACACS+ Device Management, and TrustSec Security Group Access.

Schedule

TOP
  • Delivery Format:
  • Date:
  • Location:
  • Access Period:

$

What You'll Learn

TOP
  • ISE deployment options including node types, personas, and licensing
  • Install certificates into ISE using a Windows 2012 Certificate Authority (CA)
  • Configure the Local and Active Directory Based Identity Store and use of Identity Source Sequences
  • Configure AAA clients and network device groups
  • Implement Policy Sets to streamline Authentication and Authorization in the organization
  • Deploy EasyConnect as an alternative to 802.1X port based authentication
  • Implement 802.1X for wired and wireless networks using the AnyConnect 4.x NAM module, the latest dot1x commands on a catalyst switch, and version 8.4 of the vWLC
  • Configure policies to allow MAC Authentication Bypass (MAB) of endpoints
  • Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
  • Configure hotspot guest access, self-registration guest access, and sponsored guest access
  • Configure profiler services in ISE and use newer probes available in IOS switch code 15.x as well as vWLC 8.4 code.
  • Work with Profiling feeds, logical profiles, and building profiling conditions to match network endpoints
  • Configure posture assessments using the new Cisco AnyConnect Secure Mobility 4.x posture module
  • Implement Threat Centric NAC using Cisco AMP for Endpoint and Adaptive Network Control (ANC)
  • Integrate the Cisco WSA with Cisco ISE using PxGrid technology to share contextual information about authenticated users
  • Configure Cisco ISE as a TACACS+ Server for Administration of Wireless as well as Wired Network Devices with Command Authorization
  • Configure Cisco ISE to integrate with a 5500-X ASA and a Catalyst Switch for TrustSec and implement end-to-end Security Group Tagging (SGT) and Security Group Access Control (SGACL)
  • Configure a high availability distributed deployment
  • Third Party Network Access Device Support
  • Maintenance, best practices, and logging

Outline

TOP
Viewing outline for:

Classroom Live Outline

Module 1: Introducing Cisco ISE Architecture and Deployment

  • Using Cisco ISE as a Network Access Policy Engine
  • Introducing Cisco ISE Deployment Models

Module 2: Cisco ISE Policy Enforcement

  • Introducing 802.1X and MAB Access: Wired and Wireless
  • Introducing Identity Management
  • Configure Certificate Services
  • Introducing Cisco ISE Policy
  • Configuring Cisco ISE Policy Sets
  • Implementing Third-Party Network Access Device Support
  • Introducing Cisco TrustSec
  • Introducing EasyConnect

Module 3: Web Auth and Guest Services

  • Introducing Web Access with Cisco ISE
  • Introducing ISE Guest Access Components
  • Configuring Guest Access Settings
  • Configuring Portals: Sponsors and Guests

Module 4: Cisco ISE Profiler

  • Introducing Cisco ISE Profiler
  • Configuring Cisco ISE Profiling

Module 5: Cisco ISE BYOD

  • Introducing the Cisco ISE BYOD Process
  • Describing BYOD Flow
  • Configuring My Devices Portal Settings
  • Configuring Certificates in BYOD Scenarios

Module 6: Cisco ISE Endpoint Compliance Services

  • Introducing Endpoint Compliance
  • Configuring Client Posture Services and Provisioning in Cisco ISE

Module 7: Cisco ISE with AMP and VPN-Based Services

Introducing VPN Access Using Cisco ISE

  • Configuring Cisco AMP for ISE

Module 8: Cisco ISE Integrated Solutions with APIs

  • Introducing Location-Based Authorization
  • Introducing Cisco ISE 2.x pxGrid

Module 9: Working with Network Access Devices

  • Configuring TACACS+ for Cisco ISE Device Administration

Module 10: Cisco ISE Design (Self-Study)

  • Designing and Deployment Best Practices
  • Performing Cisco ISE Installation and Configuration Best Practices
  • Deploying Failover and High-Availability

Module 11: Configuring Third Party NAD Support (Optional/Self-Study/Reference)

Labs

TOP
Viewing labs for:

Classroom Live Labs

Lab 1 - ISE Familiarization and Certificate Usage

Lab 2 - Active Directory and Identity Source Sequences

Lab 3 - Policy Sets, Conditions Studio, and Network Devices

Lab 4 - Passive Identity (Easy Connect)

Lab 5 - 802.1X-Wired Networks – PEAP

Lab 6 - 802.1X-Wired Networks - EAP-FAST

Lab 7 - 802.1X-Wireless Networks

Lab 8 - 802.1X-MAC Authentication Bypass (MAB)

Lab 9 - Centralized Web Authentication (CWA)

Lab 10 - Guest Access and Reports

Lab 11 - Endpoint Profiling and Reports

Lab 12 - BYOD and My Device Portal

Lab 13 - Posture Compliance and Reports

Lab 14 - Compliance Based VPN Access

Lab 15 - Threat Centric NAC with AMP for Endpoint

Lab 16 - Firepower pxGrid Remediation

Lab 17 - TACACS+ Device Administration

Lab 18 - TrustSec Security Group Access

Lab 19 - Additional Guest Scenarios

Lab 20 - ISE Distributed Deployment

Prerequisites

TOP

The learner is expected to have the following skills and knowledge before attending this course:

  • CCNA Security or equivalent level of experience with Cisco devices
  • Foundation-level wireless knowledge and skills
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X
  • Familiarity with Cisco ASA
  • Familiarity with Cisco AnyConnect Secure Mobility Client

Who Should Attend

TOP
  • Consulting systems engineers
  • Technical solutions architects
  • Integrators who install and implement the Cisco ISE version 2.3
  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE 2.3
  • Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product

Vendor Credits

TOP

This course can be purchased using Cisco Learning Credits (CLCs).

Training Exclusives

Classroom and Virtual Classroom sessions of this course include access to the following benefits:

  • IT Skills Video On-Demand Library
  • Introduction to Cybersecurity digital learning course
  • Course Recordings
  • IT Resource Library
  • Digital Courseware
Learn more
Course Delivery

This course is available in the following formats:

Classroom Live

Receive face-to-face instruction at one of our training center locations.

Duration: 5 day

Virtual Classroom Live

Experience expert-led online training from the convenience of your home, office or anywhere with an internet connection.

Duration: 5 day

Request this course in a different delivery format.
Enroll