Implementing and Configuring Cisco Identity Services Engine v3.0 (SISE)

This course is geared towards students who have no prior knowledge of ISE and 802.1X. The ISE product is Cisco's flagship security product, intended to replace several major current products, including NAC Servers and Managers, NAC Profiler, Guest Server, Profiler, and the Cisco Secure Access Control Server (ACS).

 

In this course with enhanced hands-on labs, you will cover the Cisco Identity Services Engine (ISE), a next-generation identity and access control policy platform that provides a single policy plane across the entire organization, combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management. You will gain the knowledge and skills needed to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

 

You will learn how to perform a fundamental installation of ISE and how to configure identity-based networks using 802.1X for both wired and wireless clients, using a Windows 7 client. You will also learn to use many of the new features, including AnyConnect 3.1, EAP-FAST, PEAP, BYOD, and EAP Chaining. You'll also see how the new Virtual Wireless Controller (vWLC) works to integrate with ISE along with advanced features within ISE.


Prerequisites

  • CCNA certification or equivalent level of experience configuring Cisco routers and switches
  • Basic knowledge of IOS commands
  • LAN security related concepts
  • 802.1X - Introduction to 802.1X Operations for Cisco Security Professionals


Audience Description

  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE
  • Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product


Objectives

  • ISE deployment options including node types, personas, and licensing
  • Install certificates into ISE using a Windows 2008 certificate authority (CA)
  • Configure AAA clients and network device groups
  • Configure local and remote identity store and use of sequence lists
  • 802.1X for wired and wireless networks using the latest dot1x commands on a switch and version 7.3 of the vWLC:
  • PEAP Authentication (GPO configuration)
  • EAP-FAST Authentication
  • Extensible authentication protocol (EAP) chaining
  • Service set identifier (SSID) matching in authorization policies
  • Configure authorization and authentication policies to allow MAC Authentication Bypass endpoints
  • Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
  • Configure sponsored guest access
  • Configure profiler services in ISE and use newer probes available in IOS switch code 15.x
  • Configure posture assessments using the Cisco next available agent (NAA) and offline updates in ISE
  • Configure web agent assessment for non-corporate assets
  • Bring your own device (BYOD) using single SSID and dual SSID modes
  • Maintenance, upgrading, and logging


Course Outline

Lesson 1: Cisco ISE Product

  • Cisco ISE
  • Cisco TrustSec
  • Cisco ISE Architecture
  • Cisco ISE Deployment Options
  • Getting Started with Cisco ISE
  • Installing Cisco ISE
  • Network Time Protocol
  • Cisco ISE Certificates
  • Monitoring Basics
  • Configuring and Verifying Cisco ISE for Distributed Deployment


Lesson 2: Cisco ISE Authentication and Authorization

  • Configuring Basic Access
  • Network Access Device (NAD)
  • IEEE 802.1X Primer
  • Cisco Switch Configuration
  • Cisco WLC Configuration
  • Cisco ASA Appliance Configuration
  • Cisco ISE Authentication Process
  • Internal Databases
  • Simple Authentication
  • Rule-Based Authentication
  • Sessions in Cisco ISE
  • External Authentication
  • External Authentication Process
  • Active Directory
  • Lightweight Directory Access Protocol (LDAP)
  • RADIUS
  • Certificates
  • Identity Source Sequencing
  • Authentication Support and Performance
  • Using Cisco ISE Dictionaries
  • Cisco ISE Dictionaries
  • Read-Only Dictionaries
  • Administrable Dictionaries
  • RADIUS Vendor Dictionaries
  • Configuring Authorization
  • Authorization Policies and Components
  • Authorization Policy Configuration
  • Exception Policies


Lesson 3: Web Authentication and User Access Management

  • Implementing Web Authentication
  • Web Authentication
  • Configure Cisco ISE Web Authentication
  • Verifying Web Authentication
  • Implementing Guest Services
  • Guest Services
  • Preparing the Deployment
  • Configuring Sponsor Portal
  • Configuring Guest Portal
  • Creating Guest Accounts
  • Verifying Guest Accounts


Lesson 4: Cisco ISE Profiler, Posture, and Endpoint Protection Services

  • Implementing Cisco ISE Profiler Service
  • Profiler Service
  • Configuring Profiling on Cisco ISE
  • Verifying Profiling
  • Implementing Cisco ISE Posture Service
  • Posture Service
  • Configuring Cisco ISE for Client Provisioning
  • Adapting the Authorization Policy for Posture Compliance
  • Configuring the Posture System Settings
  • Configuring the Posture Policy
  • Verifying the Posture Service
  • Implementing Cisco ISE Endpoint Protection Services (EPS)
  • EPS
  • Configuring EPS
  • Monitoring EPS
  • Implementing BYOD
  • BYOD
  • Designing BYOD
  • Dual SSID BYOD Design
  • Device Onboarding User Experience


Lesson 5: Reports, Monitoring, Troubleshooting, and Security

  • Implementing Inline Posture and TrustSec Security
  • Inline Posture
  • Security Group Access
  • MAC Security
  • Cisco ISE Architecture
  • Cisco ISE Deployment Types
  • Deploying Monitoring Personas
  • Preparing the Network Infrastructure
  • Performing Cisco ISE Administration and Maintenance
  • Role-Based Access Control
  • Cisco ISE Licensing
  • Backing Up and Restoring the System Configuration
  • Using Cisco ISE Reporting, Monitoring, and Troubleshooting
  • Cisco ISE Dashboard Monitoring
  • Implementing Logging
  • Managing Alarms
  • Cisco ISE Reports
  • Troubleshooting the Network
  • Backing Up and Restoring the Monitoring Database


Lab Outline

  • Lab 1: ISE Installation and Web Console Familiarization
  • Lab 2: Install a Certificate in ISE
  • Lab 3: Configure an ISE Distributed Deployment
  • Lab 4: Local and Remote Identity Stores using Active Directory and Sequence Lists
  • Lab 5: 802.1X: Examining and Configuring Supplicants
  • Lab 6: 802.1X: Wired Networks
  • Lab 7: 802.1X: MAR and EAP Chaining
  • Lab 8: 802.1X: Wireless Networks
  • Lab 9: 802.1X: MAC Authentication Bypass (MAB)
  • Lab 10: CWA for Wired and Wireless Networks and My Device Portal
  • Lab 11: Provide Guest Access Using Self-Registration
  • Lab 12: Configure Profiler Services
  • Lab 13: Configure Posture Services
  • Lab 14: Endpoint Protection Services
  • Lab 15: BYOD
  • Lab 16: Maintenance and Monitoring of ISE