Implementing and Configuring Cisco Identity Services Engine (SISE)

In this Implementing and Configuring Cisco Identity Services Engine course provides a comprehensive introduction to Cisco Identity Services Engine, focusing on how identity, context, and policy are used to control network access across wired, wireless, and VPN environments. It is designed for network and security professionals who need to deploy, configure, and troubleshoot Cisco ISE as a centralized policy engine for authentication, authorization, and accounting. The course establishes a strong architectural foundation before progressing into hands-on policy enforcement and operational use cases.

Students begin by exploring Cisco ISE architecture, deployment models, licensing, and new features introduced in Cisco ISE 3.x. Core policy enforcement components are covered in detail, including 802.1X, MAC Authentication Bypass, certificate-based authentication, Active Directory integration, and support for additional identity sources. Policy configuration modules guide students through building authentication and authorization rules that dynamically control user and device access based on identity, posture, and context.

The course expands into advanced access scenarios such as guest services, web authentication, BYOD onboarding, endpoint profiling, and posture compliance. Cisco TrustSec is introduced as a scalable segmentation framework using Security Group Tags, while TACACS+ device administration modules address centralized management of network infrastructure access. 

Extensive CTCLC-custom labs reinforce each topic through real-world scenarios, including policy creation, profiling, guest access, BYOD compliance, TrustSec configuration, and troubleshooting, preparing students for enterprise deployments and the 300-715 certification exam.

How You'll Benefit

This training will help you:  

• Develop and implement SASE architecture
• Understand application of ISE capabilities towards development of a Zero Trust approach
• Enable BYOD and guest access
• Centrally configure and manage posture, authentication, and authorization services in a single web-based GUI console
• Gain leading-edge career skills for high-demand job roles and responsibilities focused on enterprise security
• Prepare for the 300-715 SISE v1.1 exam
• Earn 40 CE credits toward recertification

Course Objectives 

• Describe the Cisco ISE deployments, including core deployment components and how they interact to create a cohesive security architecture
• Describe the advantages of such a deployment and how each Cisco ISE capability contributes to these advantages
• Describe concepts and configure components related authentication, identity management, and certificate services
• Describe how Cisco ISE policy sets are used to implement authentication and authorization, and how to leverage this capability to meet the needs of your organization
• Describe third-party Network Access Devices (NADs), Cisco TrustSec, and Easy Connect
• Configure web authentication and guest services, including guest access components and various guest access scenarios
• Describe and configure Cisco ISE profiling services
• Understand how to monitor these services to enhance endpoint security and ensure secure edge
• Describe BYOD challenges, solutions, processes, and portals
• Configure a BYOD solution and describe the relationship between BYOD processes and their related configuration components
• Describe and configure various certificates related to a BYOD solution
• Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing, and the posture service in Cisco ISE
• Describe the fundamentals of Identity and Access Management (IAM) by leveraging TACACS+
• Configure TACACS+ device administration using Cisco ISE, including command sets, profiles, and policy sets
• Understand the role of TACACS+ within the Authentication, Authorization, and Accounting (AAA) framework and the differences between the RADIUS and TACACS+ protocols

What to Expect in the Exam

Implementing and Configuring Cisco Identity Services Engine (300-715 SISE) v1.1 is a 90-minute exam associated with the Cisco Certified Specialist – Security Identity Management Implementation certification and satisfies the concentration exam requirement for the CCNP Security certification. 

This exam tests your knowledge of Cisco ISE, including: 

• Architecture and deployment
• Policy enforcement
• Web Auth and guest services
• Profiler
• BYOD
• Endpoint compliance
• Network access device administration

Who Should Enroll

• Network Security Engineers
• Administrators

Course Prerequisites

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are: 

• Familiarity with the Cisco IOS® Software Command-Line Interface (CLI) for wired and wireless devices
• Familiarity with Cisco Secure Client
• Familiarity with Microsoft Windows operating systems
• Familiarity with 802.1X

These skills can be found in the following Cisco Learning Offering:   

• Implementing and Operating Cisco Security Core Technologies (SCOR)

COURSE OUTLINE

Module 1: Introducing Cisco ISE Architecture

• Cisco ISE as a Network Access Policy Engine
• Cisco ISE Use Cases
• Cisco ISE Functions

Module 2: Introducing Cisco ISE Deployment

• Cisco ISE Deployment Models
• Cisco ISE Licensing and Network Requirements
• Cisco ISE Context Visibility Features
• New Features in Cisco ISE 3.X

Module 3: Introducing Cisco ISE Policy Enforcement Components

• 802.1X for Wired and Wireless Access
• MAC Authentication Bypass for Wired and Wireless Access
• Identity Management
• Active Directory Identity Source
• Additional Identity Sources
• Certificate Services

Module 4: Introducing Cisco ISE Policy Configuration

• Cisco ISE Policy
• Cisco ISE Authentication Rules
• Cisco ISE Authorization Rules

Module 5: Troubleshooting Cisco ISE Policy and Third-Party NAD Support

• Cisco ISE Third-Party Network Access Device Support
• Troubleshooting Cisco ISE Policy Configuration

Module 6: Exploring Cisco TrustSec 

• Cisco TrustSec Overview
• Cisco TrustSec Enhancements
• Cisco TrustSec Configuration

Module 7: Introducing Web Authentication and Guest Services

• Web Access with Cisco ISE
• Guest Access Components
• Guest Access Settings

Module 8: Configuring Hotspots and Guest Portals

Module 9: Configuring Cisco ISE BYOD

• Cisco ISE BYOD Solution Overview
• Cisco ISE BYOD Flow
• My Devices Portal Configuration
• Certificate Configuration in BYOD Scenarios

Module 10: Working with Network Access Devices 

• Reviewing AAA
• Cisco ISE TACACS+ Device Administration
• Configuring TACACS+ Device Administration
• TACACS+ Device Administration Guidelines and Best Practices
• Migration from Cisco ACS to Cisco ISE

Module 11: Introducing the Cisco ISE Profiler

• ISE Profiler Overview
• Cisco ISE Probes
• Profiling Policy

Module 12: Introducing Profiling Best Practices and Reporting

• Profiling Best Practices

Module 13: Introducing Cisco ISE Endpoint Compliance Services

• Endpoint Compliance Services Overview

Module 14: Configuring Client Posture Services and Compliance 

• Configuring Client Posture Services and Compliance
• Client Posture Services and Provisioning Configuration

LAB OUTLINE (these labs are Custom to CTCLC)

Lab 0: Lab Access via View Horizon Client               

Lab 1: Cisco ISE GUI Familiarization and Initial Configuration         

Lab 2: MAB Authentication          

Lab 3: Integrate 9K-Client Switch and ISE                

Lab 4: Create Policies for Domain Computers      

Lab 5: Create Policies for Employee         

Lab 6: Create Policies for Contractors      

Lab 7: Create Policies for the Wireless Users        

Lab 8: Configure Hotspot Portal

Lab 9: Client Testing – Hotspot Portal      

Lab 10: Configure Self-Registration Portal              

Lab 11: Configure Self-Registration Portal with Sponsor Approval               

Lab 12: Configure Sponsored Guest Portal            

Lab 13: Configure Profiling           

Lab 14: Configure Profiling for Cisco IP Phone      

Lab 15 (Optional): Create Cisco ISE Profiling Reports         

Lab 16: Configure BYOD 

Lab 17: BYOD Device Management 

Lab 19: Configure Posture Compliance Services on Cisco ISE

Lab 20: Configure Client Provisioning Portal          

Lab 21: Configure Posture Elements and Posture Policy   

Lab 22: Posture Authorization Profiles and Policy Sets      

Lab 23: Test Compliance Policy for BYOD User     

Lab 24: Agentless Posture

Lab 25: Configure Cisco ISE for Basic Device Administration           

Lab 26: Configure TACACS+ Command Authorization       

Lab 27: Configure Cisco TrustSec