Implementing and Configuring Cisco Identity Services Engine SISE v1.3; 5 Days; Instructor-led

Academic year: 2021

Course Description

Implementing and Configuring Cisco Identity Services Engine (SISE) v1.3 is a 5-day ILT training program designed for ATP partner systems and field engineers, consulting systems engineers, technical solutions architects, and Cisco integrators who install and implement the Cisco Identity Service Engine version 1.3. The course covers the key components and procedures needed to install, configure, manage, and troubleshoot the Cisco Identity Services Engine version 1.3.

Course Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

• Install Cisco ISE v1.3
• Understand the concepts of Policy Enforcement in a Cisco network
• Configure Cisco ISE v1.3 for the following Use Cases
  • Guest Access
  • BYOD and MDM
  • Cisco ISE Compliance and Posture
• Understand the concepts of designing an implementation along with Cisco recognized best practices

Audience

The primary audience for this course is as follows:

• Partner Field Engineers
• Partner System Engineers

Prerequisites

The knowledge and skills that a learner must have before attending this course are as follows:

• CCNA
• CCNA Security
• Introduction to 802.1X Operations for Cisco Security Professionals (802.1X)
• Knowledge of Cisco Wireless LAN Controllers and Lightweight Access Points
• Knowledge of basic command-line configuration of Cisco Catalyst switches
• Familiarity with Microsoft Windows and Active Directory

Course Outline

• Overview
• Course Goal and Objectives
• Course Flow

Module 1: Introducing the Cisco Secure Access Solution and ISE Platform Architecture

Lesson 1: The Cisco Secure Access Solution

• Define a Standard Access Solution
• Define components of a Secure Access Solution
• Define high-level client access, identifying the previously defined components: 802.1X, MAB, Web Authentication, and VPN

Lesson 2: Cisco ISE as a Network Access Policy Engine

• Introduce the components of an ISE deployment
• List ISE Functions (Access Policy, Guest Lifecycle Management, Profiling, Posture, BYOD, pxGrid, and so on)

Lesson 3: Cisco ISE Policy Security Mechanisms

• Introduce the concept of Context and Flexible Authentication
• Introduce and define RADIUS CoA
• Identify Access Point ACLs: dACLs, wACLs, and NAD Filters (Switch and VPN)
• Introduce and define TrustSec
• Describe Mobile Device Management (MDM)

Lesson 4: Cisco TrustSec

• Describe the standard Network Security Policy model
• IP-based ACLs
• The effects of Network (IP) growth and the requirements needed to update the Network Security Policy
• Introduce the TrustSec security model
• TrustSec enforcement Model
• The Concept of Grouping in networks
• SG Enforcement mechanisms
• Security Group Domains
• Describe MACsec 802.1AE

Lesson 5: Installing Cisco ISE

• Identify the installation prerequisites: DNS, NTP, VM, DISK I/O, and so on
• Complete the setup process
• Describe the certificates used in ISE (client Auth/Web portals: admin, sponsor, and client)

Lesson 6: Cisco ISE GUI Orientation

• Navigate the top-level areas of the Cisco ISE GUI
• Use navigation features of Cisco ISE GUI, such as hover, drill down, and pop-ups

Module 2: Cisco ISE Policy Enforcement

Lesson 1: 802.1X and MAB Access Wired and Wireless

• Describe MAC Authentication Bypass
• Perform NAD Configuration
• Explain ISE Configuration for 802.1X and MAB
• Verify 802.1X and MAB connections

Lesson 2: Identity Management

• Describe Identity
• Describe Internal Identity Sources
• Describe External Identity Sources
• Multi-AD Overview and Configuration
• Describe Identity Source Sequences (ISSs)

Lesson 3: Cisco ISE Policy Overview

• Identify the Authentication and Authorization parts of the process
• Discuss Dictionaries, Identity Sources, and ISSs
• Discuss Authentication and its components
• Discuss Authorization and its components
• Discuss exception policies and policy sets

Lesson 4: Cisco ISE Policy Sets

• Configure, enable, and use Policy Sets
• Compare global versus local exception processing

Module 3: Web Authentication

Lesson 1: Web Access with Cisco ISE

• Explore Different Web Access Portals in ISE
• Investigate Guest Access, BYOD, WebAuth use cases
• Discuss Web Access components and configuration

Lesson 2: WebAuth Configuration

• Configure ISE and NADs for WebAuth
• Identify Wired, Wireless, Converged Access requirements
• Verify WebAuth configuration

Module 4: Cisco ISE Guest Services

Lesson 1: Cisco ISE Guest Access Components

• Discuss Guest Access Services
• Discuss Guest Flow for Hotspot Access
• Discuss Guest Flow for Self-Registered Access
• Discuss Guest Flow for Self-Registered Access with Approval
• Discuss Guest Flow for Sponsored Access
• Identify Multiple Guest Portals
• Use ISE 1.3 Guest Enhancement

Lesson 2: Guest Access Settings

• Describe Guest Account Purge Policy
• Modify Custom Fields
• Modify Guest Email Settings
• Guest Locations and SSIDs
• Describe Guest Password Policy
• Describe Guest Username Policy
• Modify SMS Gateway Settings
• Identify Guest Types

Lesson 3: Sponsors and Sponsor Portals

• Describe Sponsor Groups Overview and Settings
• Describe Sponsor Portal Customization
• Create Guest Account via Desktop Sponsor Portal
• Create Guest Account via Mobile Sponsor Portal
• Manage Guest Account

Lesson 4: Cisco ISE Guest Portal Overview

• Describe Guest Portals
• Describe Hotspot Guest Portals
• Describe Self-Registration Guest Portals
• Describe Sponsored Guest Portal
• Customize Guest Portals
• Assign Portal in AuthZ Profiles

Lesson 5: Cisco ISE Guest Operations and Reports

• Generate New Monitoring Reports
• Generate New Guest Access Reports
• Generate New Guest Logging Messages
• Generate Home Page Guest Reports
• Generate Enhanced Debug Logs
• Describe Endpoint Purging

Module 5: Cisco ISE Profiler

Lesson 1: Introduction to Profiling

• Describe Information Sources
• Describe how Profiling Probes access the data
• Describe Profiling Probes
• Configure NADs for Profiling
• Review Endpoint Identity Information

Lesson 2: Profiling Configuration on Cisco ISE

• Configure Profiler on Cisco ISE
• Describe Profiler Policies and Conditions
• Verify Profiler Configuration

Module 6: Cisco ISE BYOD and MDM

Lesson 1: Cisco ISE BYOD Process Overview

• Describe BYOD Components
• Describe BYOD Enhancements
• Describe BYOD Design

Lesson 2: BYOD Portal Selection

• Describe BYOD Portal Selection Process
• Describe Single-SSID BYOD Configuration
• Describe Dual-SSID BYOD Configuration

Lesson 3: My Devices Portal Settings

• Describe My Devices Portal Configuration
• Manage My Devices Portal End-user Experience

Lesson 4: Certificates in BYOD Scenarios

• Use local ISE CA Server and Local Certificates
• Use Certificate Templates
• Use Certificates Operations

Lesson 5: Describe MDM and ISE

• Describe MDM

Module 7: Cisco ISE Endpoint Compliance Services

Lesson 1: Endpoint Compliance Posture Service Overview

• Describe Endpoint Compliance and Access
• Describe Compliance Components
• Describe Compliance MDM, AnyConnect, and NAC agents

Lesson 2: Client Provisioning in Cisco ISE

• Describe Client Provisioning Flows
• Describe Client Provisioning Settings
• Describe Client Provisioning Policy

Lesson 3: Mobile Client Provisioning in Cisco ISE

• Describe MDM
• Describe Cisco ISE integration with MDM servers
• Describe Mobile device agent provisioning

Lesson 4: Configuring Cisco ISE for Posture Compliance

• Describe Configuration of Posture Services
• Describe Authorization Policy Adjustments for Posture
• Describe Posture Reports

Module 8: Using Cisco ISE for VPN-based Services

Lesson 1: VPN Access Overview

• Describe AAA External Authentication
• Describe Access Flows with Cisco ISE and ASA Pre-9.2

Lesson 2: Configuring Cisco ASA v9.2+ for VPN Access

• Configure ASA for VPN authentication via ISE
• Add ASA as new NAD on ISE
• Use Cisco ISE for Posture services
• Configure ASA v9.2+ for Posture services
• Verify Posture configuration on ASA and ISE

Lesson 3: Using Inline Posture Node for NADs without CoA Support

• Describe the Inline Posture Node
• Describe the Inline Posture processing flow
• Describe routed and bridged modes of Inline Posture Node

Module 9: Cisco TrustSec

Lesson 1: Cisco TrustSec

• Describe SGA Overview
• SXP and SGACLs Overview
• SGFW Enforcement

Module 10: Cisco ISE Design

Lesson 1: Node Capabilities

• Describe Cisco ISE Deployment Types
• Describe Node Communications

Lesson 2: Failover and High Availability

• Discuss Failover and High Availability Options
• Describe network Infrastructure Requirements

Module 11: Cisco ISE Best Practices

Lesson 1: Best Practices

• Describe Deployment Best Practices
• Describe Certificates Best Practices
• Describe Profiling Best Practices
• Describe CWA Best Practices
• Describe Logging and Troubleshooting

Lab Outline

Lab 1-1: Initial Configuration of Cisco ISE
Lab 1-2: Complete Cisco ISE GUI Setup
Lab 2-1: Integrate Cisco ISE with Active Directory
Lab 2-2: Integrating Cisco ISE with a second Microsoft Active
Lab 2-3: Basic Policy Configuration
Lab 2-4: Conversion to Policy Sets
Lab 4-1: Configure Guest Access
Lab 4-2: Guest Access Operations
Lab 4-3: Guest Reports
Lab 5-1: Configuring Profiling
Lab 5-2: Customizing the Cisco ISE Profiling Configuration
Lab 5-3: ISE Profiling Reports
Lab 6-1: BYOD Configuration
Lab 6-2: Device Blacklisting
Lab 7-1: Compliance
Lab 7-2: Configuring Client Provisioning
Lab 7-3: Configuring Posture Policies
Lab 7-4: Testing and Monitoring Compliance-Based Access
Lab 7-5: Compliance Policy Testing
Lab 7-6: MDM Integration with Cisco ISE
Lab 7-7: MDM Access and Configuration
Lab 7-8: Client Access with MDM
Lab 8-1: Using Cisco ISE for VPN Access
