Implementing and Configuring Cisco Identity Services Engine (SISE) V4.1

The Implementing and Configuring Cisco Identity Services Engine (SISE) v4.1 training teaches you to deploy and use Cisco® Identity Services Engine (ISE) v3.x, an identity and access control policy platform that simplifies the delivery of consistent, highly secure access control across wired, wireless, and virtual private network (VPN) connections. This hands-on training provides you with the knowledge and skills to implement and apply Cisco ISE capabilities to support use cases for Zero Trust security posture. These use cases include tasks such as policy enforcement, profiling services, web authentication and guest access services, Bring Your Own Device (BYOD), endpoint compliance services, and Terminal Access Controller Access Control Server (TACACS+) device administration. Through hands-on practice via lab exercises, you will learn how to use Cisco ISE to gain visibility into what is happening in your network, streamline security policy management, and contribute to operational efficiency. 

This training prepares you for 300-715 SISE v1.1 exam. If passed, you earn the Cisco Certified Specialist – Security Identity Management Implementation certification and satisfy the concentration exam requirement for the Cisco Certified Network Professional (CCNP) Security certification. This training also earns you 40 Continuing Education (CE) credits toward recertification. 

How You'll Benefit

This training will help you:  

• Develop and implement SASE architecture
• Understand application of ISE capabilities towards development of a Zero Trust approach
• Enable BYOD and guest access
• Centrally configure and manage posture, authentication, and authorization services in a single web-based GUI console
• Gain leading-edge career skills for high-demand job roles and responsibilities focused on enterprise security
• Prepare for the 300-715 SISE v1.1 exam
• Earn 40 CE credits toward recertification

Course Objectives
 

• Describe the Cisco ISE deployments, including core deployment components and how they interact to create a cohesive security architecture
• Describe the advantages of such a deployment and how each Cisco ISE capability contributes to these advantages
• Describe concepts and configure components related authentication, identity management, and certificate services
• Describe how Cisco ISE policy sets are used to implement authentication and authorization, and how to leverage this capability to meet the needs of your organization
• Describe third-party Network Access Devices (NADs), Cisco TrustSec, and Easy Connect
• Configure web authentication and guest services, including guest access components and various guest access scenarios
• Describe and configure Cisco ISE profiling services
• Understand how to monitor these services to enhance endpoint security and ensure secure edge
• Describe BYOD challenges, solutions, processes, and portals
• Configure a BYOD solution and describe the relationship between BYOD processes and their related configuration components
• Describe and configure various certificates related to a BYOD solution
• Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing, and the posture service in Cisco ISE
• Describe the fundamentals of Identity and Access Management (IAM) by leveraging TACACS+
• Configure TACACS+ device administration using Cisco ISE, including command sets, profiles, and policy sets
• Understand the role of TACACS+ within the Authentication, Authorization, and Accounting (AAA) framework and the differences between the RADIUS and TACACS+ protocols

Who Should Enroll

• Network Security Engineers
• Administrators

Course Prerequisites

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are: 

• Familiarity with the Cisco IOS® Software Command-Line Interface (CLI) for wired and wireless devices
• Familiarity with Cisco Secure Client
• Familiarity with Microsoft Windows operating systems
• Familiarity with 802.1X

These skills can be found in the following Cisco Learning Offering:   

• Implementing and Operating Cisco Security Core Technologies (SCOR)

Course Outline

Module 1: Introducing Cisco ISE Architecture

• Cisco ISE as a Network Access Policy Engine
• Cisco ISE Use Cases
• Cisco ISE Functions

Module 2: Introducing Cisco ISE Deployment

• Cisco ISE Deployment Models
• Cisco ISE Licensing and Network Requirements
• Cisco ISE Context Visibility Features
• New Features in Cisco ISE 3.X

Module 3: Introducing Cisco ISE Policy Enforcement Components

• 802.1X for Wired and Wireless Access
• MAC Authentication Bypass for Wired and Wireless Access
• Identity Management
• Active Directory Identity Source
• Additional Identity Sources
• Certificate Services

Module 4: Introducing Cisco ISE Policy Configuration

• Cisco ISE Policy
• Cisco ISE Authentication Rules
• Cisco ISE Authorization Rules

Module 5: Troubleshooting Cisco ISE Policy and Third-Party NAD Support

• Cisco ISE Third-Party Network Access Device Support
• Troubleshooting Cisco ISE Policy Configuration

Module 6: Exploring Cisco TrustSec 

• Cisco TrustSec Overview
• Cisco TrustSec Enhancements
• Cisco TrustSec Configuration

Module 7: Introducing Web Authentication and Guest Services

• Web Access with Cisco ISE
• Guest Access Components
• Guest Access Settings

Module 8: Configuring Hotspots and Guest Portals

Module 9: Configuring Cisco ISE BYOD

• Cisco ISE BYOD Solution Overview
• Cisco ISE BYOD Flow
• My Devices Portal Configuration
• Certificate Configuration in BYOD Scenarios

Module 10: Working with Network Access Devices 

• Reviewing AAA
• Cisco ISE TACACS+ Device Administration
• Configuring TACACS+ Device Administration
• TACACS+ Device Administration Guidelines and Best Practices
• Migration from Cisco ACS to Cisco ISE

Module 11: Introducing the Cisco ISE Profiler

• ISE Profiler Overview
• Cisco ISE Probes
• Profiling Policy

Module 12: Introducing Profiling Best Practices and Reporting

• Profiling Best Practices

Module 13: Introducing Cisco ISE Endpoint Compliance Services

• Endpoint Compliance Services Overview

Module 14: Configuring Client Posture Services and Compliance 

• Configuring Client Posture Services and Compliance
• Client Posture Services and Provisioning Configuration

LAB OUTLINE (these labs are Custom to CTCLC)

Lab 0: Lab Access via View Horizon Client               

Lab 1: Cisco ISE GUI Familiarization and Initial Configuration         

Lab 2: MAB Authentication          

Lab 3: Integrate 9K-Client Switch and ISE                

Lab 4: Create Policies for Domain Computers      

Lab 5: Create Policies for Employee         

Lab 6: Create Policies for Contractors      

Lab 7: Create Policies for the Wireless Users        

Lab 8: Configure Hotspot Portal

Lab 9: Client Testing – Hotspot Portal      

Lab 10: Configure Self-Registration Portal              

Lab 11: Configure Self-Registration Portal with Sponsor Approval               

Lab 12: Configure Sponsored Guest Portal            

Lab 13: Configure Profiling           

Lab 14: Configure Profiling for Cisco IP Phone      

Lab 15 (Optional): Create Cisco ISE Profiling Reports         

Lab 16: Configure BYOD 

Lab 17: BYOD Device Management 

Lab 19: Configure Posture Compliance Services on Cisco ISE

Lab 20: Configure Client Provisioning Portal          

Lab 21: Configure Posture Elements and Posture Policy   

Lab 22: Posture Authorization Profiles and Policy Sets      

Lab 23: Test Compliance Policy for BYOD User     

Lab 24: Agentless Posture

Lab 25: Configure Cisco ISE for Basic Device Administration           

Lab 26: Configure TACACS+ Command Authorization       

Lab 27: Configure Cisco TrustSec