Implementing and Configuring Cisco Identity Services Engine (SISE)

This course is designed for ATP partner systems and field engineers, consulting systems engineers, technical solutions architects, and Cisco integrators who install and implement the Cisco Identity Service Engine v1.3.  This course covers the key components and procedures needed to install, configure, manage, and troubleshoot the Cisco Identity Services Engine v1.3.

Upon successful completion of this course, students should be able to meet these overall objectives:

  • Upon successful completion of this course, students should be able to meet these overall objectives:

  • Install Cisco ISE v1.3

  • Understand the concepts of policy enforcement in a Cisco network

  • Configure Cisco ISE v1.3 for Guest Access

  • Configure Cisco ISE v1.3 for BYOD and MDM

  • Configure Cisco ISE v1.3 for Cisco ISE Compliance and Posture

  • Understand the concepts of designing an implementation along with Cisco recognized best practices

Course Outline

Module 1: Introducing the Cisco Secure Access Solution and ISE Platform Architecture

  • Lesson 1: The Cisco Secure Access Solution

  •  Lesson 2: Cisco ISE as a Network Access Policy Engine

  •  Lesson 3: Cisco ISE Policy Security Mechanisms

  •  Lesson 4: Cisco TrustSec Lesson 5: Installing Cisco ISE

  •  Lesson 6: Cisco ISE GUI Orientation


Module 2: Cisco ISE Policy Enforcement

  • Lesson 1:  802.1x and MAB Access Wired and Wireless

  • Lesson 2: Identity Management

  • Lesson 3: Cisco ISE Policy Overview

  • Lesson 4: Cisco ISE Policy Sets


Module 3: Web Authentication

  • Lesson 1: Web Access with Cisco ISE

  • Lesson 2: WebAuth Configuration


Module 4: Cisco ISE Guest Services

  • Lesson 1: Cisco ISE Guest Access Components

  • Lesson 2: Guest Access Settings

  • Lesson 3: Sponsors and Sponsor Portals

  • Lesson 4: Cisco ISE Guest Portal Overview

  • Lesson 5: Cisco ISE Guest Operations and Reports


Module 5: Cisco ISE Profiler

  • Lesson 1: Introduction to Profiling

  • Lesson 2: Profiling Configuration on Cisco ISE


Module 6: Cisco ISE BYOD and MDM

  • Lesson 1: Cisco ISE BYOD Process Overview

  • Lesson 2: BYOD Portal Selection

  • Lesson 3: My Devices Portal Settings

  • Lesson 4: Certificates in BYOD Scenarios

  • Lesson 5: Describe MDM and ISE


Module 7: Cisco ISE Endpoint Compliance Services

  • Lesson 1: Endpoint Compliance Posture Service Overview

  • Lesson 2: Client Provisioning in Cisco ISE

  • Lesson 3: Mobile Client Provisionin in Cisco ISE

  • Lesson 4: Configuring Cisco ISE for Posture Compliance


Module 8: Using Cisco ISE for VPN-based Services

  • Lesson 1: VPN Access Overview

  • Lesson 2: Configuring Cisco ASA v9.2+ for VPN Access

  • Lesson 3: Using Inline Posture Node for NADs without CoA Support

  • Module 9: Cisco TrustSec

  • Lesson 1: Cisco TrustSec


Module 10: Cisco ISE Design

  • Lesson 1: Node Capabilities

  • Lesson 2: Failover and High Availability


Module 11: Cisco ISE Best Practices

  • Lesson 1: Best Practices


Labs:

  • Lab 1-1: Initial Configuration of Cisco ISE

  • Lab 1-2: Cisco ISE GUI Setup

  • Lab 2-1: Integrate Cisco ISE with Active Directory

  • Lab 2-2: Integrating Cisco ISE with a second Microsoft Active

  • Lab 2-3: Basic Policy Configuration

  • Lab 2-4: Conversion to Policy Sets

  • Lab 4-1: Configure Guest Access

  • Lab 4-2: Guest Access Operations

  • Lab 4-3: Guest Reports

  • Lab 5-1: Configuring Profiling

  • Lab 5-2: Customizing the Cisco ISE Profiling Configuration

  • Lab 5-3: ISE Profiling Reports

  • Lab 6-1: BYOD Configuration

  • Lab 6-2: Device Blacklisting

  • Lab 7-1: Compliance

  • Lab 7-2: Configuring Client Provisioning

  • Lab 7-3: Configuring Posture Policies

  • Lab 7-4: Testing and Monitoring Compliance-Based Access

  • Lab 7-5: Compliance Policy Testing

  • Lab 7-6: MDM Integration with Cisco ISE

  • Lab 7-7: MDM Access and Configuration

  • Lab 7-8: Client Access with MDM

  • Lab 8-1: Using Cisco ISE for VPN Access


Lab Outline

  • Lab 1-1: Installing the Cisco ISE

  • Lab 1-2: Certificate Operations

  • Lab 1-3: Cisco ISE Node Deployment

  • Lab 2-1: Configure and Add Network Access Devices to Cisco ISE

  • Lab 2-2: Configure External Identity Sources

  • Lab 2-3: Examine Cisco ISE Dictionaries

  • Lab 2-4: Basic Cisco ISE Policies

  • Lab 2-5: Configuring Multiple Cisco ISE Policies

  • Lab 3-1: Configuring Cisco ISE Guest Services

  • Lab 3-2: Guest Services Self-Registration

  • Lab 4-1: Configuring Cisco ISE for Profiling

  • Lab 4-2: Configuring Cisco ISE for Posture Assessment

  • Lab 4-3: Endpoint Protections Services

  • Lab 4-4: BYOD

  • Lab 5-1: Logging Setup

  • Lab 5-2: Cisco ISE Reporting

  • Lab 5-3: Working with Cisco ISE Monitoring and Troubleshooting

  • Lab 5-4: Patching Cisco ISE

  • Lab A-1: GUI Orientation

  • Lab A-2: Admin Access

Audience

The primary audience for this course is as follows:

  • ATP Partner Systems and Field Engineers

  • Consulting Systems Engineers

  • Technical Solutions Architects

  • Integrators who install and implement the Cisco Identity Service Engine v1.3