Module 1: Introducing Cisco ISE
- Describe the issues that corporations face in supporting new paradigms of network access and how Cisco ISE can ease these pressures and help resolve these issues
- Describe the Cisco ISE architecture and components
- Describe the different Cisco ISE nodes and personas
- Describe and compare the products that are used to run Cisco ISE
- Describe the different Cisco ISE deployment options
- Explain the Cisco ISE licensing options and considerations
Module 2: Provisioning Secure Access
- Describe authentication services that are available to Cisco ISE
- Describe the process that Cisco ISE uses to validate credentials from different identity sources
- Configure authentication identity sources and policies
- Describe Cisco ISE authorization policies and their components
- Configure authorization components and policies
- Define and understand CoA and review common permission elements, including dACLs, named ACLs, VLANs, and SGTs
- Lab 2-1: Basic Authentication and Authorization
Module 3: Configuring Profiling
- Describe the functions and purpose of profiling on the Cisco ISE platform
- List the profiler probes and discuss the attributes that are associated with these probes
- Describe and configure profiler policies
- Configure profiling on the Cisco ISE platform
- Verify profiling operation on the Cisco ISE platform
- List the best practices for configuring profiling on the Cisco ISE platform
- Lab 3-1: Configuring and Validating Cisco ISE Profiling
Module 4: Providing Guest Access
- Describe the concept of guest web access
- Configure the components of a CWA-based guest access solution including redirection for both wired and wireless access
- Describe guest accounts, roles, and data stores
- Define the functionality that is provided by the Cisco ISE portals that are used for guest access
- Configure support for guest reporting
- Discuss best practices as they relate to Cisco ISE guest services
- Lab 4-1: Configuring Cisco ISE Guest Services
Module 5: Implementing BYOD
- Define BYOD, explain the advantages of a Cisco BYOD solution, and describe BYOD components
- Describe common BYOD use cases and explain how they apply to various corporate security policy needs
- Describe BYOD deployment and configuration options
- Describe the BYOD flow and on-boarding process when a single SSID is used
- Implement an authentication policy for BYOD deployments
- Implement an authorization policy for BYOD deployments
- Lab 5-1: BYOD On-Boarding using a Single SSID
- Lab 5-2: Test On-Boarding
Module 6: Exploring MDM Integration
- Define the MDM integration process in Cisco ISE and add an MDM Server
- Define MDM supported attributes
- Examine an MDM configuration
Module 7: Monitoring and Troubleshooting Cisco ISE Security Solutions
- Use the Cisco ISE dashboard
- Navigate Cisco ISE alarm and logging features to assist in diagnosing problems
- Use the Live Authentications log feature of Cisco ISE
- Use the Global Search and Session Trace features of Cisco ISE
- Use the TCP Dump feature of Cisco ISE
- Use the Evaluate Configuration Validator tool
- Lab 7-1: Monitoring and Troubleshooting Cisco ISE (Optional)
Appendix A: Introducing Posture Assessment
- Define posturing, describe its major components, and explain the posturing flow
- Explain typical posture example configurations to describe the configuration process
- Describe and configure posture system settings
- Describe posture policy logic and verify policy configuration
Objectives and Pre-requisites
- Describe the business drivers, architecture, components, and scalability factors related to a typical Cisco ISE deployment.
- Provision secure network access by configuring AAA services and common CoA options.
- Configure profiling processes, components, options, and best practices.
- Provision a guest user access solution and the different options that are available.
- Describe and implement a BYOD solution, with a focus on configuring BYOD using a single SSID.
- Integrate Cisco ISE with a partner MDM solution.
- Use Cisco ISE tools to gather useful information related to historical trending and to troubleshoot.
The knowledge and skills you must have before attending this course are as follows:
- Preferred Advanced Wireless specialized partner or Gold partner.
- Knowledge of basic 802.1X (It is recommended that the student take the free 802.1X E-learning on PEC before attending this training.)
- Basic understanding of Microsoft Active Directory or LDAP.
- CCNA-level route and switch knowledge.