Cisco Identity Services Engine Essentials (ISE-Essentials) Training Course
The Cisco Identity Services Engine Essentials (ISE-Essentials) course is a 3-day hands-on course that is designed to teach students about the Cisco Identity Services Engine (ISE) a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x and MAB. The course prepares learners with the knowledge and skills to implement 802.1X and MAB for wired and wireless endpoints. The focus of the class is on configuring Network Access Devices (IOS switches, and Wireless Lan Controllers) with commands necessary for ISE integration. Additionally, the class discusses the configuration of endpoints to use the native Microsoft supplicant with PEAP and EAP-TLS, as well as the Cisco NAM supplicant with EAP-FAST. Time is taken to examine Microsoft Active Directory group policy for endpoint configuration, and to cover integration of an enterprise CA for certificate based authentication.
With enhanced hands-on labs, students will setup and patch an ISE node, and use and enterprise CA to configure certificate services for use in a distributed deployment. Students will integrate ISE with Active Directory and configure Group Policy to automatically enroll endpoints with an enterprise CA for TLS based authentication. Students will configure and test AAA and 802.1X on an IOS switch using classical commands to integrate with ISE. Students will migrate and test an IOS switch configuration to use the new-mode IBNS 2.0 Cisco Common Classification Policy Language (C3PL). Students will configure and test a Cisco Wireless LAN Controller (WLC) with advanced ISE features. The class also discusses the new ISE 2.3 conditions studio and its use in Policy Sets for Authentication/Authorization rules, Profiling of endpoints on the network, and Device Administration using TACACS+.
This course includes 30 Cisco e-lab credits.
Topics covered in the course include:
- Implementing Best Practices for Designing and Deploying a Distributed Cisco ISE Solution
- Instalingl certificates into ISE using a Windows 2012 Certificate Authority (CA)
- Configuring the Local and Active Directory Based Identity Store and use of Identity Source Sequences
- Implementing Best Practices for configuring a Cisco IOS Switch for use with ISE
- Migrating an existing Cisco IOS Switch configuration to New-Mode Cisco Common Classification Policy Language (C3PL)
- Implement Best Practices for configuring a Cisco Wireless LAN Controller (WLC) for use with ISE
- Configure Policy Sets and Network Access Devices in ISE
- Implement & Test 802.1X in ISE for wired PEAP, EAP-FAST & EAP-TLS Supplicants
- Implementing and Testing 802.1X in ISE for wireless EAP-FAST & EAP-TLS Supplicants
- Implementing and Testing Test MAC Authentication Bypass (MAB) in ISE for wired and wireless endpoints
- Turning on Endpoint Profiling and using it to identify popular endpoints such as Windows and Apple iOS devices.
- Implementing TACACS+ for Switch and WLC Device Administration
- Consulting systems engineers
- Technical solutions architects
- Integrators who install and implement the Cisco ISE version 2.3
- End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE 2.3
- Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product
The learner is expected to have the following skills and knowledge before attending this course:
- CCNA Security or equivalent level of experience with Cisco devices
- Foundation-level wireless knowledge and skills
- Familiarity with Microsoft Windows and Microsoft Active Directory
- Familiarity with 802.1X
- Familiarity with Cisco ASA
- Familiarity with Cisco AnyConnect Secure Mobility Client
Lab01 - Setup an ISE Node and Configure Certificates