ISE v1.0 - Implementing Cisco Identity Service Engine Secure Solutions

PDFDownload a PDF version of this course outline

Duration:5 days

Price:$3,750.00

Test Level:100

Certifications:
  • No Certification
Exams:
  • No Exam

Course Description

Implementing Cisco Identity Services Engine Secure Solutions (ISE) is a course that is designed to provide students with hands-on lab configuration of the Cisco Identity Services Engine (ISE) running software version 1.0. The Cisco ISE platform takes the place of the Cisco Secure Access Control System (ACS) and Network Admission Control (NAC) servers that are typically used in identity-based networks. The students will implement IEEE 802.1X-based network services using Cisco Catalyst and Nexus switches and Cisco wireless products. The course also addresses solution design, sizing, resiliency, and platform troubleshooting.

Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe the Cisco TrustSec 2.0 solution architecture and deployment methodologies using the Cisco ISE platform
  • Configure the Cisco ISE platform in a network that includes Microsoft Active Directory
  • Configure the Cisco ISE software for wired and wireless 802.1X
  • Deploy firewall-based VPN services using the Cisco ASA 5500 Series Adaptive Security Appliances and inline posture
  • Configure the Cisco ISE for classification and policy enforcement
  • Deploy the Cisco ISE Profiler Service, Posture Service, and Guest Service
  • Troubleshoot user authentication and policy enforcement problems that are based on configuration errors or network issues
  • Create a low-level design for the Cisco ISE platform deployment methodology, scaling requirements, and platform resiliency
  • Cisco CCNA® certification or equivalent level of experience with the configuration of Cisco routers and switches
  • Introduction to 802.1X Operations for Cisco Security Professionals Version 1.0

Recommended:

  • Cisco CCNP® certification or equivalent level of experience
  • Cisco CCSP® certification or equivalent level of experience
  • Base level of knowledge and understanding of the Cisco NAC Appliance and Cisco Secure ACS server version 5.X.

Who Should Attend

The primary audience for this course is as follows:

  • Cisco Channel Partner systems and field engineers that are seeking to meet the education requirements to attain Authorized Technology Provider (ATP) authorization to sell the Cisco ISE.

The secondary audience for this course is as follows:

  • Security architects, design engineers, and others seeking hands-on experience with the Cisco ISE.

Course Outline

Module 1: Introduction to the TrustSec 2.0 Solution and ISE Platform Architecture

  • Lesson 1: Introducing the Cisco TrustSec 2.0 Solution and ISE Platform Architecture
  • Introducing the Cisco Borderless Network Architecture
  • Introducing Cisco ISE
  • Cisco ISE Software Architecture

Module 2: Cisco Identity Services Engine Deployment

  • Lesson 1: Installing the Cisco ISE Software
  • Introducing the Cisco ISE Software GUI
  • Installing the Cisco ISE Software on a Server
  • Installing the Cisco ISE Software on an ISE Appliance
  • Installing the Cisco ISE Software on a Virtual Machine
  • Configuring Post-Install Tasks
  • Lesson 2: Integrating Cisco ISE into Microsoft Active Directory
  • Introducing Microsoft Active Directory
  • Configuring Cisco ISE for Active Directory Integration
  • Verifying Proper Cisco ISE Operation with Active Directory
  • Lesson 3: Configuring Cisco ISE for High Availability
  • Supported High-Availability Deployment Options
  • Configuring High Availability

Module 3: Classification and Policy Enforcement

  • Lesson 1: Using Cisco ISE for Policy Enforcement
  • What Is Policy Enforcement on Cisco ISE?
  • Configuring Cisco ISE for Policy Enforcement
  • Verifying Policy Enforcement for Cisco ISE
  • Lesson 2: Configuring Cisco ISE for MAB
  • What Is MAC Authentication Bypass?
  • Network Infrastructure Configuration for MAB
  • Cisco ISE Configuration for MAB
  • Cisco ISE Configuration for Whitelists
  • MAB Operation Verification on Cisco ISE
  • Lesson 3: Configuring Cisco ISE for Wired and Wireless 802.1X Authentication
  • Reviewing 802.1X Authentication
  • Configuring a Windows Client for 802.1X Authentication
  • Configuring Cisco ISE for Wired 802.1X Authentication
  • Configuring Cisco ISE for Wireless 802.1X Authentication
  • Verifying 802.1X Authentication
  • Lesson 4: Deploying VPN-Based Services Using the Cisco ASA and Inline Posture
  • Introducing Inline Posture
  • Configuring Inline Posture for Router Mode
  • Configuring Inline Posture for High Availability
  • Configuring Inline Posture for Authorization Profiles and Policies
  • Verifying Inline Posture Operation
  • Lesson 5: Configuring Web Authentication Using Cisco ISE
  • What Is Web Authentication?
  • Web Authentication Configuration Using Cisco ISE
  • Web Authentication Verification

Module 4: Guest, Profiler, and Posture Service Configuration

  • Lesson 1: Introducing the Cisco ISE Guest Service
  • What Is the Cisco ISE Guest Service?
  • Defining Sponsor Access Policies
  • Configuring Guest Settings
  • Lesson 2: Introducing the Cisco ISE Profiler Service
  • What Is the Cisco ISE Profiler Service?
  • Configuring Profiling on Cisco ISE
  • Verifying Profiling on Cisco ISE
  • Lesson 3: Introducing the Cisco ISE Posture Service
  • What Is the Cisco ISE Posture Service?
  • Configuring Cisco ISE for Client Provisioning
  • Configuring an Authorization Policy for Client Provisioning and Posture Compliance
  • Configuring the Posture Subscription and Policy
  • Verifying the Posture Service

Module 5: Cisco TrustSec 2.0 Architecture Design for the ISE Appliance

  • Lesson 1: Designing the Cisco TrustSec 2.0 Solution Architecture for the ISE Appliance
  • High-Level Design Guidance
  • HLD Case Studies: Small and Midsized Corporations
  • Low-Level Design Guidance
  • LLD Case Study: New York State Hospital

Appendix A: Selecting Cisco TrustSec 2.0 Infrastructure Hardware and the ISE Appliance

  • Introducing Cisco TrustSec 2.0 Switching Infrastructure Hardware
  • Introducing Cisco TrustSec 2.0 WLC Hardware
  • Introducing Cisco TrustSec 2.0 ISE Hardware

Appendix B: Introducing Cisco TrustSec Fundamentals

  • Key Cisco TrustSec Functions
  • Security Group Access Solution Overview

Lab Outline

  • Lab 1: Lab Topology and Access
  • Lab 2: Completing the Initial Setup Configuration
  • Lab 3: Integrating Cisco ISE into Microsoft Active Directory
  • Lab 4: Configuring Cisco ISE for MAB
  • Lab 5: Configuring Cisco ISE for Wired 802.1X Authentication
  • Lab 6: Configuring Cisco ISE for Wireless 802.1X Authentication
  • Lab 7: Configuring Web Authentication and Policy Enforcement
  • Lab 8: Creating Guest Users and Guest User Policies in the Sponsor Portal
  • Lab 9: Configuring Cisco ISE for the Profiler Service
  • Lab 10: Configuring Cisco ISE for the Posture Service
  • Lab 11: Creating a Low-Level Design for Cisco ISE (Case Study

Prerequisites

This section lists the skills and knowledge that learners must possess to benefit fully from the course. This section includes recommended Cisco learning offerings that the learners may complete to benefit fully from this course, including the following: Required:

Upcoming Classes

There are no scheduled classes for this course at this time. Call 1(866)399-8287 to make a request.

Cisco

Select a Class

There are no scheduled classes for this course at this time. Call 1(866)399-8287 to make a request.
Close Checkout

Your class selection was successfully added to your cart.

You may add yourself to the waiting list and we will contact you if and when a seat opens up for this class.