> > > SISE Detailed outline

Implementing and Configuring Cisco Identity Services Engine (SISE)

Course Description Schedule Course Outline

Detailed Course Outline

Module 1: Introducing Cisco ISE Architecture and Deployment

  • Security challenges
  • Cisco ISE solutions Use Cases
    • Guest use
    • BYOD
    • Profiling
    • Compliance
    • Security group access
  • Secure Access Control
  • ISE function
  • ISE deployment components
    • Admin node
    • Policy service node
    • Monitoring node
    • pxGrid Services
    • Policy synchronization
    • Deployment options
  • Context visibility
    • Benefits
    • Wizard
    • Streamline wizard

Module 2: Cisco ISE Policy Enforcement

  • IEEE 802.1X primeer
  • MAC authentication bypass
  • 802.1X and MAB
  • Identity sources
  • Multi-AD overview and configuration
  • Lightweight directory access protocol
  • RADIUS
  • SAMLv2
  • Identity source sequence
  • Certification authority services
  • Authentication and authorization process
  • Exception policies and policy sets
  • Global vs local exception processing
  • Third-party NAD support
  • Cisco TrustSec
  • Easy connect
    • Overview
    • Modes and flows
    • Configuration

Module 3: Web Auth & Guest Services

  • Web authentication overview
  • Guest access services overview
  • Guest access settings
  • ISE sponsor components and configuration

Module 4: Cisco ISE Profiler

  • Profiler service and policies
    • Configure
    • Prepare
    • Enable
    • Probe configuration
    • Feed service
    • Settings
    • Profiling parameters
  • NMAP scan action

Module 5: Cisco ISE BYOD

  • Problem and solutions
  • Design
  • Portal selection process
  • Device portal configuration
  • ISE CA server and local certificates

Module 6: Cisco ISE Endpoint Compliance Services

  • Posture service
    • Conditions
    • Compliance module
    • Flow
    • Agents
    • Deployment and licensing
    • Client provisioning
    • Posture general settings
  • Client provisioning portal and policy

Module 7: Cisco ISE with AMP and VPN-Based Services

  • AAA – external authentication
  • Cisco ASA for VPN authentication
  • Threat centric NAC

Module 8: Cisco ISE Integrated Solutions with APIs

  • Location-based authorization
  • pxGrid framework

Module 9: Working with Network Access Devices

  • TACACS+
    • Device administration
    • Configuration
    • Guidelines
    • Best practices
  • Migrating Cisco ACS to ISE

Module 10: Cisco ISE Design (Self-Study)

  • ISE planning and Pre-deployment
  • ISE sizing and scaling practices
  • Deployment best practices
  • Web portals best practices
  • PSN HA or load sharing
  • Deploying monitoring personas
  • Network infrastructure preparation

Module 11: Configuring Thrid Party NAD Support (optional/Self-Study/Reference)

  • Third-party NAD support configuration

Labs:

  • Initial Configuration of Cisco ISE
  • Complete Cisco ISE GUI Setup
  • Integrate Cisco ISE with Active Directory
  • Integrating Cisco ISE with a second Microsoft Active Directory
  • Basic Policy Configuration
  • Configure Guest Access
  • Guest Access Operations
  • Guest Reports
  • Configuring Profiling
  • Customizing the Cisco ISE Profiling Configuration
  • ISE Profiling Reports
  • BYOD Configuration
  • Device Blacklisting
  • Compliance
  • Configuring Client Provisioning
  • Configuring Posture Policies
  • Testing and Monitoring Compliance Based Access
  • Compliance Policy Testing
  • MDM Integration with Cisco ISE
  • MDM Access and Configuration
  • Client Access with MDM
  • Using Cisco ISE for VPN Access
  • Configuring Backups and Patching
  • Configuring Administrative Access
  • Review of General Tools
  • Report Operations