Implementing and Configuring Cisco Identity Services Engine (SISE) V4.1

The Implementing and Configuring Cisco Identity Services Engine (SISE) v4.1 training teaches you to deploy and use Cisco® Identity Services Engine (ISE) v3.x, an identity and access control policy platform that simplifies the delivery of consistent, highly secure access control across wired, wireless, and virtual private network (VPN) connections. This hands-on training provides you with the knowledge and skills to implement and apply Cisco ISE capabilities to support use cases for Zero Trust security posture. These use cases include tasks such as policy enforcement, profiling services, web authentication and guest access services, Bring Your Own Device (BYOD), endpoint compliance services, and Terminal Access Controller Access Control Server (TACACS+) device administration. Through hands-on practice via lab exercises, you will learn how to use Cisco ISE to gain visibility into what is happening in your network, streamline security policy management, and contribute to operational efficiency. 

This training prepares you for 300-715 SISE v1.1 exam. If passed, you earn the Cisco Certified Specialist – Security Identity Management Implementation certification and satisfy the concentration exam requirement for the Cisco Certified Network Professional (CCNP) Security certification. This training also earns you 40 Continuing Education (CE) credits toward recertification. 

How You'll Benefit

This training will help you:  

• Develop and implement SASE architecture
• Understand application of ISE capabilities towards development of a Zero Trust approach
• Enable BYOD and guest access
• Centrally configure and manage posture, authentication, and authorization services in a single web-based GUI console
• Gain leading-edge career skills for high-demand job roles and responsibilities focused on enterprise security
• Prepare for the 300-715 SISE v1.1 exam
• Earn 40 CE credits toward recertification

Course Objectives
 

• Describe the Cisco ISE deployments, including core deployment components and how they interact to create a cohesive security architecture
• Describe the advantages of such a deployment and how each Cisco ISE capability contributes to these advantages
• Describe concepts and configure components related authentication, identity management, and certificate services
• Describe how Cisco ISE policy sets are used to implement authentication and authorization, and how to leverage this capability to meet the needs of your organization
• Describe third-party Network Access Devices (NADs), Cisco TrustSec, and Easy Connect
• Configure web authentication and guest services, including guest access components and various guest access scenarios
• Describe and configure Cisco ISE profiling services
• Understand how to monitor these services to enhance endpoint security and ensure secure edge
• Describe BYOD challenges, solutions, processes, and portals
• Configure a BYOD solution and describe the relationship between BYOD processes and their related configuration components
• Describe and configure various certificates related to a BYOD solution
• Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing, and the posture service in Cisco ISE
• Describe the fundamentals of Identity and Access Management (IAM) by leveraging TACACS+
• Configure TACACS+ device administration using Cisco ISE, including command sets, profiles, and policy sets
• Understand the role of TACACS+ within the Authentication, Authorization, and Accounting (AAA) framework and the differences between the RADIUS and TACACS+ protocols

Who Should Enroll

• Network Security Engineers
• Administrators

Course Prerequisites

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are: 

• Familiarity with the Cisco IOS® Software Command-Line Interface (CLI) for wired and wireless devices
• Familiarity with Cisco Secure Client
• Familiarity with Microsoft Windows operating systems
• Familiarity with 802.1X

These skills can be found in the following Cisco Learning Offering:   

• Implementing and Operating Cisco Security Core Technologies (SCOR)

Course Outline

Module 1: Initial Configuration and Certificate Usage

• Covers the setup of Cisco ISE from scratch, including network settings, administrator accounts, system certificates, and enabling HTTPS and EAP authentication with trusted certificate authorities.

Module 2: Integration with Active Directory

• Demonstrates how to join Cisco ISE to an Active Directory domain to enable user and group-based authentication and authorization.

Module 3: AAA Policy for MAB

• Focuses on configuring policies for non-802.1X devices (like printers or IP phones) to authenticate using MAC addresses.

Module 4: AAA Policy for 802.1X

• Teaches creation and testing of 802.1X authentication policies for wired and wireless clients using EAP methods such as PEAP or EAP-TLS.

Module 5: Cisco TrustSec

• Introduces TrustSec concepts such as Security Group Tags (SGTs) and policy enforcement, demonstrating segmentation and access control within the network.

Module 6: Guest Access Settings

• Configures foundational guest access parameters, portals, and policies to manage temporary guest users on the network.

Module 7: Hotspot and Self-Registered Guest Access

• Shows how to create guest access portals that allow users to self-register for limited internet access without sponsor approval.

Module 8: Sponsor-Approved and Fully Sponsored Guest Access

• Covers workflows where guests are approved or created by authorized sponsors, with differing access privileges and expiration policies.

Module 9: Guest Reporting

• Demonstrates how to generate and interpret guest access reports, including session data, user accounts, and network usage metrics.

Module 10: Cisco ISE BYOD

• Explores Bring Your Own Device (BYOD) onboarding and provisioning, including device registration, certificate issuance, and policy enforcement.

Module 11: Lost or Stolen BYOD Devices

• Covers how to identify, quarantine, and revoke access for missing or compromised personal devices within the BYOD framework.

Module 12: TACACS+ Basic Device Administration

• Introduces the use of Cisco ISE as a TACACS+ server to centralize authentication and authorization for network device logins.

Module 13: TACACS+ Command Authorization

• Extends TACACS+ usage by enforcing command-level authorization and role-based access control for administrators.

Module 14: Cisco ISE Profiling Configuration

• Shows how ISE identifies and classifies endpoints using profiling policies and probes such as DHCP, RADIUS, and SNMP.

Module 15: Profiling Customization

• Covers creating and tuning custom profiling policies to recognize unique or unsupported device types.

Module 16: Profiling Reports

• Explains how to use profiling reports to monitor endpoint types, network behavior, and policy compliance.

Module 17: Cisco ISE Compliance Services

• Introduces posture assessment and compliance services that evaluate endpoint health and enforce remediation actions.

Module 18: Client Provisioning

• Walks through provisioning policies that automatically install agents or network configuration profiles on client devices.

Module 19: Posture Policies

• Demonstrates creating and enforcing posture policies that check for antivirus, patches, or system configurations before granting access.

Module 20: Compliance-Based Access

• Combines posture and authorization policies to dynamically grant or restrict access based on endpoint compliance status.

LAB OUTLINE (these labs are Custom to CTCLC)

Lab 0: Lab Access via View Horizon Client               

Lab 1: Cisco ISE GUI Familiarization and Initial Configuration         

Lab 2: MAB Authentication          

Lab 3: Integrate 9K-Client Switch and ISE                

Lab 4: Create Policies for Domain Computers      

Lab 5: Create Policies for Employee         

Lab 6: Create Policies for Contractors      

Lab 7: Create Policies for the Wireless Users        

Lab 8: Configure Hotspot Portal

Lab 9: Client Testing – Hotspot Portal      

Lab 10: Configure Self-Registration Portal              

Lab 11: Configure Self-Registration Portal with Sponsor Approval               

Lab 12: Configure Sponsored Guest Portal            

Lab 13: Configure Profiling           

Lab 14: Configure Profiling for Cisco IP Phone      

Lab 15 (Optional): Create Cisco ISE Profiling Reports         

Lab 16: Configure BYOD 

Lab 17: BYOD Device Management 

Lab 19: Configure Posture Compliance Services on Cisco ISE

Lab 20: Configure Client Provisioning Portal          

Lab 21: Configure Posture Elements and Posture Policy   

Lab 22: Posture Authorization Profiles and Policy Sets      

Lab 23: Test Compliance Policy for BYOD User     

Lab 24: Agentless Posture

Lab 25: Configure Cisco ISE for Basic Device Administration           

Lab 26: Configure TACACS+ Command Authorization       

Lab 27: Configure Cisco TrustSec