Live Chat
Monday - Friday 8am - 6pm EST Chat Now
Contact Us
Monday - Friday 8am - 8pm EST 1-866-716-6688 Other Contact Options

Cart () Loading...

    • Quantity:
    • Delivery:
    • Dates:
    • Location:


SISE - Implementing and Configuring Cisco Identity Services Engine v2.1

New – Learn to install, configure, and deploy ISE with enhanced labs written for ISE version 2.1

GK# 3972

Course Overview

This course includes Cisco Training Exclusives

EXCLUSIVE TO GLOBAL KNOWLEDGE - Accelerate your Cisco learning experience with complimentary access to the IT Skills Video On-Demand Library, Introduction to Cybersecurity digital learning course, course recordings, IT Resource Library, and digital courseware.

Learn more

In this course, you will learn about the Cisco Identity Services Engine (ISE)—a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x, MAB, web authentication, posture, profiling, device on-boarding, guest services, and VPN access into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

This course is an intensive hands-on experience. With enhanced hands-on labs, you will cover all facets of Cisco ISE version 2.1. You will learn how to configure fundamental elements of ISE and how to secure identity-based networks using 802.1X for both wired and wireless clients, using Windows 8 and Apple iPad endpoints. You will integrate the Cisco Virtual Wireless LAN Controller (vWLC) with advanced ISE features. You will also learn to use the following advanced features of Cisco ISE: Active Directory Integration, Policy Sets, EasyConnect, EAP-FAST with EAP Chaining, BYOD, AnyConnect 4.x Posture Module for LAN and VPN compliance, Threat Centric NAC using AMP, PxGrid, TACACS+ Device Management, and TrustSec Security Group Access.


  • Delivery Format:
  • Date:
  • Location:
  • Access Period:


What You'll Learn

  • ISE deployment options including node types, personas, and licensing
  • Install certificates into ISE using a Windows 2012 Certificate Authority (CA)
  • Configure the Local and Active Directory Based Identity Store and use of Identity Source Sequences
  • Configure AAA clients and network device groups
  • Implement Policy Sets to streamline Authentication and Authorization in the organization
  • Deploy EasyConnect as an alternative to 802.1X port based authentication
  • Implement 802.1X for wired and wireless networks using the AnyConnect 4.x NAM module, the latest dot1x commands on a catalyst switch, and version 7.4 of the vWLC
  • Configure policies to allow MAC Authentication Bypass (MAB) of endpoints
  • Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
  • Configure hotspot guest access, self-registration guest access, and sponsored guest access
  • Configure profiler services in ISE and use newer probes available in IOS switch code 15.x as well as vWLC 7.4 code
  • Work with Profiling feeds, logical profiles, and building profiling conditions to match network endpoints
  • Configure posture assessments using the new Cisco AnyConnect Secure Mobility 4.x posture module
  • Implement Threat Centric NAC using Cisco AMP for Endpoint and Adaptive Network Control (ANC)
  • Integrate the Cisco WSA with Cisco ISE using PxGrid technology to share contextual information about authenticated users
  • Configure Cisco ISE as a TACACS+ Server for Device Administration with Command Authorization
  • Configure Cisco ISE to integrate with a 5500-X ASA and a Catalyst Switch for TrustSec and implement end-to-end Security Group Tagging (SGT) and Security Group Access Control (SGACL)
  • Integrate Cisco ISE with MobileIron for Mobile Device Management MDM
  • Configure a high availability distributed deployment
  • Third Party Network Access Device Support
  • Maintenance, best practices, and logging


Viewing outline for:

Virtual Classroom Live Outline

1. Introducing Cisco ISE Architecture and Deployment

  • Using Cisco ISE as a Network Access Policy Engine
  • Cisco ISE Deployment Models

2. Cisco ISE Policy Enforcement

  • 802.1X and MAB Access: Wired and Wireless
  • Identity Management
  • Configure Certificate Services
  • Cisco ISE Policy
  • Configuring Cisco ISE Policy Sets
  • Implementing Third-Party Network Access Device Support
  • Cisco TrustSec
  • EasyConnect

3. Web Auth and Guest Services

  • Web Access with Cisco ISE
  • ISE Guest Access Components
  • Configuring Guest Access Settings
  • Configuring Portals: Sponsors and Guests

4. Cisco ISE Profiler

  • Cisco ISE Profiler
  • Configuring Cisco ISE Profiling

5. Cisco ISE BYOD

  • Cisco ISE BYOD Process
  • BYOD Flow
  • Configuring My Devices Portal Settings
  • Configuring Certificates in BYOD Scenarios

6. Cisco ISE Endpoint Compliance Services

  • Endpoint Compliance
  • Configuring Client Posture Services and Provisioning in Cisco ISE

7. Cisco ISE with AMP and VPN-Based Services

  • VPN Access Using Cisco ISE
  • Configuring Cisco AMP for ISE

8. Cisco ISE Integrated Solutions with APIs

  • Location-Based Authorization
  • Cisco ISE 2.x pxGrid

9. Working with Network Access Devices

  • Configuring TACACS+ for Cisco ISE Device Administration

10. Cisco ISE Design

  • Designing and Deployment Best Practices
  • Performing Cisco ISE Installation and Configuration Best Practices
  • Deploying Failover and High-Availability

11. Configuring Third-Party NAD Support


Viewing labs for:

Virtual Classroom Live Labs

Lab 1: ISE Familiarization and Certificate Usage

Lab 2: Active Directory and Identity Source Sequences

Lab 3: Conversion to Policy Sets

Lab 4: Access Policy for EasyConnect

Lab 5: 802.1X-Wired Networks – PEAP

Lab 6: 802.1X-Wired Networks - EAP-FAST

Lab 7: 802.1X-Wireless Networks

Lab 8: 802.1X-MAC Authentication Bypass (MAB)

Lab 9: Centralized Web Authentication (CWA)

Lab 10: Guest Access and Reports

Lab 11: Endpoint Profiling and Reports

Lab 12: BYOD and My Device Portal

Lab 13: Posture Compliance and Reports

Lab 14: Compliance Based VPN Access

Lab 15: Threat Centric NAC using AMP and ANC

Lab 16: pxGrid and WSA Integration

Lab 17: TACACS+ Device Administration

Lab 18: TrustSec Security Group Access

Lab 19: ISE Distributed Deployment

Lab 20: MDM Integration


  • CCNA Security or equivalent level of experience with Cisco devices
  • Foundation-level wireless knowledge and skills
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X
  • Familiarity with Cisco ASA
  • ​Familiarity with Cisco AnyConnect Secure Mobility Client

Who Should Attend

  • Consulting systems engineers
  • Technical solutions architects
  • Integrators who install and implement the Cisco ISE version 2.1
  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE 2.1
  • ​Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product

Vendor Credits


This course can be purchased using Cisco Learning Credits (CLCs).

Training Exclusives

Classroom and Virtual Classroom sessions of this course include access to the following benefits:

  • IT Skills Video On-Demand Library
  • Introduction to Cybersecurity digital learning course
  • Course Recordings
  • IT Resource Library
  • Digital Courseware
Learn more
Course Delivery

This course is available in the following formats:

Virtual Classroom Live

Experience expert-led online training from the convenience of your home, office or anywhere with an internet connection.

Duration: 5 day

Classroom Live

Receive face-to-face instruction at one of our training center locations.

Duration: 5 day

Request this course in a different delivery format.