Overview
This 5-day course is designed to provide students with hands-on lab configuration of the Cisco Identity Services Engine (ISE) running software version 1.0. The Cisco ISE platform takes the place of the Cisco Secure Access Control System (ACS) and Network Admission Control (NAC) servers that are typically used in identity-based networks. The students will implement IEEE 802.1X-based network services using Cisco Catalyst and Nexus switches and Cisco wireless products. The course also addresses solution design, sizing, resiliency, and platform troubleshooting.
Pre-Requisites
Attendees should meet the following prerequisites:
Required:
- CCNA Certification or equivalent level of experience with the configuration of Cisco routers and switches ICND1 and ICND2 or CCNABC
- Introduction to 802.1X Operations for Cisco Security Professionals 802.1X
Recommended:
- CCNP certification or equivalent level of experience.
- CCSP certification or equivalent level of experience.
- Base level of knowledge and understanding of the NAC appliance and Cisco ACS server version 5.X.
Content
Introduction to the Cisco TrustSec 2.0 Solution and Cisco ISE Platform Architecture
- Introducing the Cisco TrustSec 2.0 Solution and ISE Platform Architecture
Cisco Identity Services Engine Deployment
- Installing the Cisco ISE Software
- Integrating Cisco ISE into Microsoft Active Directory
- Configuring Cisco ISE for Distributed Deployment
Classification and Policy Enforcement
- Using Cisco ISE for Policy Enforcement
- Configuring Cisco ISE for MAB
- Configuring Cisco ISE for Wired and Wireless 802.1X Authentication
- Deploying VPN-Based Services Using the Cisco ASA and Inline Posture
- Configuring Web Authentication Using Cisco ISE
Guest, Profiler, and Posture Service Configuration
- Introducing the Cisco ISE Guest Service
- Introducing the Cisco ISE Profiler Service
- Introducing the Cisco ISE Posture Service
Cisco TrustSec 2.0 Architecture Design for the ISE Appliance
- Designing the Cisco TrustSec 2.0 Solution Architecture for the Cisco ISE Appliance
Appendix A: Selecting Cisco TrustSec 2.0 Infrastructure Hardware and the ISE Appliance
Appendix B: Introducing Cisco TrustSec Fundamentals
Labs:
- Lab 1: Lab Topology and Access
- Lab 2: Completing the Initial Setup Configuration
- Lab 3: Integrating Cisco ISE into Microsoft Active Directory
- Lab 4: Configuring Cisco ISE for MAB
- Lab 5: Configuring Cisco ISE for Wired 802.1X Authentication
- Lab 6: Configuring Cisco ISE for Wireless 802.1X Authentication
- Lab 7: Configuring Web Authentication and Policy Enforcement
- Lab 8: Creating Guest Users and Guest User Policies in the Sponsor Portal
- Lab 9: Configuring Cisco ISE for the Profiler Service
- Lab 10: Configuring Cisco ISE for the Posture Service
- Lab 11: Creating a High-Level Design for Cisco ISE (Case Study)
Objectives
After you complete this course you will be able to:
- Describe how the Cisco ISE platform supports the Cisco Borderless Network and Cisco TrustSec solutions.
- Install Cisco ISE software onto a virtual machine and describe the configuration of various deployments.
- Configure the Cisco ISE for policy enforcement.
- Configure and verify the operation of the Guest Service, Profiler Service, and Posture Service functions according to specific requirements.
- Provide the design requirements for Cisco ISE HLD deployments.
Target Audience
Individuals involved in the deployment of the Cisco ISE platform and Cisco Channel Partner engineers looking for Cisco ISE ATP accreditation.
Certification
Recommended preparation for exam (s):
Please note this exam will go EOL on the 24th of June 2013. The replacement exam and course is 500-254 - Course SISE
This exam is only relevant for Field Engineers looking to achieve the Cisco ISE ATP Accreditation. Engineers looking for the Field Engineer Accreditation will also need to take the 650-472 802.1X exam.
Further Information
Cisco have now updated the requirements for the Cisco ISE ATP accreditation. Engineers looking to achieve this accreditation should now be looking to take the SISE course.
