Course Overview

This course discusses the Cisco Identity Services Engine (ISE), an identity and access control policy platform that provides a single policy plane across the entire organization, combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management, into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.


5 days
Learning Credits: 
  • Upon completion of this course, you will be able to:

    • Describe Cisco ISE architecture, installation, and distributed deployment options
    • Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in
    • Cisco ISE – Implement Cisco ISE web authentication and guest services
    • Deploy Cisco ISE profiling, posture and client provisioning services
    • Describe administration, monitoring, troubleshooting, and TrustSec SGA security
    • Configure device administration using TACACS+ in Cisco ISE
  • Module 1: Introducing Cisco ISE Architecture and Deployment

    • Lesson 1: Using Cisco ISE as a Network Access Policy Engine
    • Lesson 2: Introducing Cisco ISE Deployment Models

    Module 2: Cisco ISE Policy Enforcement

    • Lesson 1: Introducing 802.1X and MAB Access: Wired and Wireless
    • Lesson 2: Introducing Identity Management
    • Lesson 3: Configuring Certificate Services
    • Lesson 4: Introducing Cisco ISE Policy
    • Lesson 5: Configuring Cisco ISE Policy Sets
    • Lesson 6: Implementing Third-Party Network Access Device Support
    • Lesson 7: Introducing Cisco TrustSec
    • Lesson 8: Introducing EasyConnect

    Module 3: Web Auth and Guest Services

    • Lesson 1: Introducing Web Access with Cisco ISE
    • Lesson 2: Introducing ISE Guest Access Components
    • Lesson 3: Configuring Guest Access Settings
    • Lesson 4: Configuring Portals: Sponsors and Guests

    Module 4: Cisco ISE Profiler

    • Lesson 1: Introducing Cisco ISE Profiler
    • Lesson 2: Configuring Cisco ISE Profiling

    Module 5: Cisco ISE BYOD

    • Lesson 1: Introducing the Cisco ISE BYOD Process
    • Lesson 2: Describing BYOD Flow
    • Lesson 3: Configuring My Devices Portal Settings
    • Lesson 4: Configuring Certificates in BYOD Scenarios

    Module 6: Cisco ISE Endpoint Compliance Services

    • Lesson 1: Introducing Endpoint Compliance
    • Lesson 2: Configuring Client Posture Services and Provisioning in Cisco ISE

    Module 7: Cisco ISE with AMP and VPN-Based Services

    • Lesson 1: Introducing VPN Access Using Cisco ISE
    • Lesson 2: Configuring Cisco AMP for ISE

    Module 8: Cisco ISE Integrated Solutions with APIs

    • Lesson 1: Introducing Location-Based Authorization
    • Lesson 2: Introducing Cisco ISE 2.x pxGrid

    Module 9: Working with Network Access Devices

    • Lesson 1: Configuring TACACS+ for Cisco ISE Device Administration

    Module 10: Cisco ISE Design (Self-Study)

    • Lesson 1: Designing and Deployment Best Practices
    • Lesson 2: Performing Cisco ISE Installation and Configuration BestPractices
    • Lesson 3: Deploying Failover and High-Availability

    Module 11: Configuring Third Party NAD Support(Optional/Self-Study/Reference)

    • Lesson 1: Configuring Third-Party NAD Support (Optional, Self-Study, or Reference)
    • Lab 1: Configure Initial Cisco ISE setup, GUI Familiarization, system certificate usage
    • Lab 2: Integrate Cisco ISE with Active Directory
    • Lab 3: Configure Basic Policy on Cisco ISE
    • Lab 4: Configure Conversion to Policy Sets
    • Lab 5: Configure Access Policy for Easy Connect
    • Lab 6: Configure Guest Access
    • Lab 7: Configure Guest Access Operations
    • Lab 8: Create Guest Reports
    • Lab 9: Configure Profiling
    • Lab 10: Customize the Cisco ISE Profiling Configuration
    • Lab 11: Create Cisco ISE Profiling Reports
    • Lab 12: Configure BYOD
    • Lab 13: Blacklisting a Device
    • Lab 14: Configure Compliance Services on Cisco ISE
    • Lab 15: Configure Client Provisioning
    • Lab 16: Configure Posture Policies
    • Lab 17: Test and Monitor Compliance Based Access
    • Lab 18: Test Compliance Policy
    • Lab 19: Configure Cisco ISE for VPN Access
    • Lab 20: Configure Threat-Centric NAC using Cisco AMP
    • Lab 21: Configure Cisco ISE pxGrid and Cisco WSA Integration
    • Lab 22: Configure Cisco ISE for Basic Device Administration
    • Lab 23: Configure TACACS+ Command Authorization
  • It is recommended that a learning have the following knowledge and skills before attending this course:

    • CCNA Security certification
    • Foundation-level network knowledge and skills necessary to install, configure, operate, and troubleshoot network devices and applications
    • Foundation-level wireless knowledge and skills
    • Basic knowledge of Cisco IOS networking and concepts
    • Familiarity with Cisco IOS CLI
    • Familiarity with Cisco ASA
    • Familiarity with Cisco VPN clients
    • Familiarity with MicroSoft Windows Operating Systems
    • Familiarity with 802.1X
    • ISE Administrators/Engineers
    • Wireless Administrators/Engineers
    • Consulting Systems Engineers
    • Technical/Wireless/BYOD/Security Solutions Architects
    • ATP partner systems and field engineers
    • Systems integrators who install and implement the Cisco Identity Service Engine version 1.3