Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0
Implementing and Configuring Cisco Identity Services Engine (SISE) v3.0
Course overview
Course duration
● Instructor-led training: 5 days in the classroom with hands-on lab practice
● Virtual instructor-led training: 5 days of web-based classes with hands-on lab practice
How to enroll
● For instructor-led training, visit the Cisco Learning Locator.
● For private group training, visit Cisco Private Group Training.
Technology areas
● Security
● Wireless
.
Learning@Cisco
Course overview
Course details
Objectives
After taking this course, you should be able to:
● Describe Cisco ISE deployments, including core deployment components and how they interact to create a
cohesive security architecture. Describe the advantages of such a deployment and how each Cisco ISE
capability contributes to these advantages.
● Describe concepts and configure components related to 802.1X and MAC Authentication Bypass (MAB)
authentication, identity management, and certificate services.
● Describe how Cisco ISE policy sets are used to implement authentication and authorization, and how to
leverage this capability to meet the needs of your organization.
®
● Describe third-party Network Access Devices (NADs), Cisco TrustSec , and Easy Connect.
● Describe and configure web authentication, processes, operation, and guest services, including guest
access components and various guest access scenarios.
● Describe and configure Cisco ISE profiling services, and understand how to monitor these services to
enhance your situational awareness about network-connected endpoints. Describe best practices for
deploying this profiler service in your specific environment.
● Describe BYOD challenges, solutions, processes, and portals. Configure a BYOD solution, and describe the
relationship between BYOD processes and their related configuration components. Describe and configure
various certificates related to a BYOD solution.
● Describe the value of the My Devices portal and how to configure this portal.
● Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing,
and the posture service in Cisco ISE.
● Describe and configure TACACS+ device administration using Cisco ISE, including command sets, profiles,
and policy sets. Understand the role of TACACS+ within the Authentication, Authentication, and Accounting
(AAA) framework and the differences between the RADIUS and TACACS+ protocols.
● Migrate TACACS+ functionality from Cisco Secure Access Control System (ACS) to Cisco ISE, using a
migration tool.
Prerequisites
To fully benefit from this course, you should have the following knowledge:
®
● Familiarity with the Cisco IOS Software Command-Line Interface (CLI)
®
● Familiarity with Cisco AnyConnect Secure Mobility Client
● Familiarity with Microsoft Windows operating systems
● Familiarity with 802.1X
Recommended Cisco learning offerings that may help you meet these prerequisites:
®
● Cisco CCNP Security Certification training
● Introduction to 802.1X Operations for Cisco Security Professionals (802.1X)
Page 2 of 4
Learning@Cisco
Course overview
Outline
● Introducing Cisco ISE Architecture and Deployment
◦ Using Cisco ISE as a Network Access Policy Engine
◦ Cisco ISE Use Cases
◦ Describing Cisco ISE Functions
◦ Cisco ISE Deployment Models
◦ Context Visibility
● Cisco ISE Policy Enforcement
◦ Using 802.1X for Wired and Wireless Access
◦ Using MAC Authentication Bypass for Wired and Wireless Access
◦ Introducing Identity Management
◦ Configuring Certificate Services
◦ Introducing Cisco ISE Policy
◦ Implementing Third-Party Network Access Device Support
◦ Introducing Cisco TrustSec
◦ Cisco TrustSec Configuration
◦ Easy Connect
● Web Authentication and Guest Services
◦ Introducing Web Access with Cisco ISE
◦ Introducing Guest Access Components
◦ Configuring Guest Access Settings
◦ Configuring Sponsor and Guest Portals
● Cisco ISE Profiler
◦ Introducing Cisco ISE Profiler
◦ Profiling Deployment and Best Practices
● Cisco ISE BYOD
◦ Introducing the Cisco ISE BYOD Process
◦ Describing BYOD Flow
◦ Configuring the My Devices Portal
◦ Configuring Certificates in BYOD Scenarios
● Cisco ISE Endpoint Compliance Services
◦ Introducing Endpoint Compliance Services
◦ Configuring Client Posture Services and Provisioning in Cisco ISE
● Working with Network Access Devices
◦ Review TACACS+
◦ Cisco ISE TACACS+ Device Administration
◦ Configure TACACS+ Device Administration
◦ TACACS+ Device Administration Guidelines and Best Practices
◦ Migrating from Cisco ACS to Cisco ISE
Page 3 of 4
Learning@Cisco
Course overview
Lab outline
● Access the SISE Lab and Install ISE 2.4
● Configure Initial Cisco ISE Setup, GUI Familiarization, and System Certificate Usage
● Integrate Cisco ISE with Active Directory
● Configure Basic Policy on Cisco ISE
● Configure Policy Sets
● Configure Access Policy for Easy Connect
● Configure Guest Access
● Configure Guest Access Operations
● Create Guest Reports
● Configure Profiling
● Customize the Cisco ISE Profiling Configuration
● Create Cisco ISE Profiling Reports
● Configure BYOD
● Blacklisting a Device
● Configure Cisco ISE Compliance Services
● Configure Client Provisioning
● Configure Posture Policies
● Test and Monitor Compliance-Based Access
● Test Compliance Policy
● Configure Cisco ISE for Basic Device Administration
● Configure TACACS+ Command Authorization
© 2018 Cisco and/or its affiliates. All rights reserved. SISE_3-0 C22-740845-00 07/18
Page 4 of 4