Toll Free - 877-442-3915

Account | Self-Paced Login

Account | Self-Paced Login | 877-442-3915

Cisco Identity Services Engine Essentials (ISE-Essentials) Course

Cisco Identity Services Engine Essentials (ISE-Essentials) Training Course

Course Description:

The Cisco Identity Services Engine Essentials (ISE-Essentials) course is a 3-day hands-on course that is designed to teach students about the Cisco Identity Services Engine (ISE) a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x and MAB. The course prepares learners with the knowledge and skills to implement 802.1X and MAB for wired and wireless endpoints. The focus of the class is on configuring Network Access Devices (IOS switches, and Wireless Lan Controllers) with commands necessary for ISE integration. Additionally, the class discusses the configuration of endpoints to use the native Microsoft supplicant with PEAP and EAP-TLS, as well as the Cisco NAM supplicant with EAP-FAST. Time is taken to examine Microsoft Active Directory group policy for endpoint configuration, and to cover integration of an enterprise CA for certificate based authentication.

With enhanced hands-on labs, students will setup and patch an ISE node, and use and enterprise CA to configure certificate services for use in a distributed deployment. Students will integrate ISE with Active Directory and configure Group Policy to automatically enroll endpoints with an enterprise CA for TLS based authentication. Students will configure and test AAA and 802.1X on an IOS switch using classical commands to integrate with ISE. Students will migrate and test an IOS switch configuration to use the new-mode IBNS 2.0 Cisco Common Classification Policy Language (C3PL). Students will configure and test a Cisco Wireless LAN Controller (WLC) with advanced ISE features. The class also discusses the new ISE 2.3 conditions studio and its use in Policy Sets for Authentication/Authorization rules, Profiling of endpoints on the network, and Device Administration using TACACS+.

This course includes 30 Cisco e-lab credits.

Topics covered in the course include:

  • Implementing Best Practices for Designing and Deploying a Distributed Cisco ISE Solution
  • Instalingl certificates into ISE using a Windows 2012 Certificate Authority (CA)
  • Configuring the Local and Active Directory Based Identity Store and use of Identity Source Sequences
  • Implementing Best Practices for configuring a Cisco IOS Switch for use with ISE
  • Migrating an existing Cisco IOS Switch configuration to New-Mode Cisco Common Classification Policy Language (C3PL)
  • Implement Best Practices for configuring a Cisco Wireless LAN Controller (WLC) for use with ISE
  • Configure Policy Sets and Network Access Devices in ISE
  • Implement & Test 802.1X in ISE for wired PEAP, EAP-FAST & EAP-TLS Supplicants
  • Implementing and Testing 802.1X in ISE for wireless EAP-FAST & EAP-TLS Supplicants
  • Implementing and Testing Test MAC Authentication Bypass (MAB) in ISE for wired and wireless endpoints
  • Turning on Endpoint Profiling and using it to identify popular endpoints such as Windows and Apple iOS devices.
  • Implementing TACACS+ for Switch and WLC Device Administration

Target Student:

  • Consulting systems engineers
  • Technical solutions architects
  • Integrators who install and implement the Cisco ISE version 2.3
  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE 2.3
  • Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product


The learner is expected to have the following skills and knowledge before attending this course:

  • CCNA Security or equivalent level of experience with Cisco devices
  • Foundation-level wireless knowledge and skills
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X
  • Familiarity with Cisco ASA
  • Familiarity with Cisco AnyConnect Secure Mobility Client

Training Dates
(Click on the course name below to view course details and full list of class dates)
Course Syllabus

  • Cisco ISE Architecture and Deployment
    • Cisco ISE Features Overview
    • PKI in an ISE deployment
    • Cisco ISE Deployment Models
  • Cisco ISE Identity Management
    • Configuring Cisco ISE Internal Identity Sources
    • Configuring Cisco ISE External Identity Sources
    • Configuring Endpoints for Certificate Based Authentication
  • Cisco ISE Policy Enforcement
    • Registering Network Access Devices in Cisco ISE
    • Working with ISE Dictionaries
    • Configuring Cisco ISE Policy Sets
    • Using the Cisco ISE Conditions Studio to Configure Policy Elements
    • Creating Downloadable ACLs and Authorization Profiles
    • Configuring Authentication Policy Rules including Identity Source and Allowed Protocols
    • Configuring Authorization Policy Rules including conditions and authorization profiles
  • Introducing Wired and Wireless 802.1X and MAB
    • Overview of 802.1X Including Commonly implemented Extensible Authentication Protocols (EAPs)
    • Configuring a Cisco IOS Switch using Identity-Based Network Services (IBNS) commands for integration with ISE including
    • Configure & Test 802.1x supplicant parameters on a wired endpoint using PEAP and EAP-TLS
    • Migrating to IBNS 2.0 Cisco Common Classification Policy Language (C3PL) commands on a Cisco Switch
    • Configure & Test 802.1x supplicant parameters on a wired endpoint using EAP-FAST
    • Configuring a Cisco WLC for integration with ISE from the WLC CLI and GUI
    • Configure & Test 802.1x supplicant parameters on a wireless endpoint using EAP-FAST & EAP-TLS
    • Implement & Test MAC Authentication Bypass in ISE for non-supplicant Endpoints
  • Cisco ISE Profiler for Endpoint Discovery and Classification
    • Configuring Profiler Probes
    • Working with the Profiler Feed Service
    • Implementing Profiler Policy and Identity Groups
    • Using Profiler Logical Profiles
  • Cisco ISE TACACS+ for wired and wireless Device Administration
    • Configuring TACACS Policy Sets
    • Working with Identity Sources for Authentication
    • Configuring Shell Profiles & Command Sets for Authorization
    • Performing Wired and Wireless Device Administration

Lab01 - Setup an ISE Node and Configure Certificates
Lab02 - Register an ISE Node in a Distributed Deployment
Lab03 - Integrate ISE with Active Directory
Lab04 - Configure Endpoints for Certificate Based Authentication
Lab05 - Register NADs and Configure ISE Policy
Lab06 - Configure an IOS Switch and Test Wired PEAP and EAP-TLS
Lab07 - Migrate a Switch to IBNS 2.0 (C3PL) and Test Wired EAP-FAST
Lab08 - Configure a WLC and Test Wireless EAP-FAST
Lab09 - Implement MAC Authentication Bypass (MAB)
Lab10 - Configure and Test Endpoint Profiling
Lab11 - Implement TACACS+ for Switches and WLCs


Cisco Identity Services Engine Essentials (ISE-Essentials) On-Site Group Training
Arrange a private Cisco Identity Services Engine Essentials (ISE-Essentials) training class for your team with one of our Certified Instructors. Private instruction for your team members at a lower per-student price than attending the public courses. Learn More or complete the quote request form below.

Cisco On-Demand Training

"The Instructor made class truly interesting and put everything into real world terms."
- Meredith T(Jersey City, NJ)

Business Computer Skills BBB Profile