This course is geared toward individuals who have no prior knowledge of ISE and 802.1X. The ISE product is Cisco's flagship security product, intended to replace several major current products, including NAC Servers and Managers, NAC Profiler, Guest Server, Profiler, and the Cisco Secure Access Control Server (ACS).
In this course with enhanced hands-on labs, you will cover the Cisco Identity Services Engine (ISE) version 1.2 (labs), a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management. You will gain the knowledge and skills needed to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.
You will learn how to perform a fundamental installation of ISE and how to configure identity-based networks using 802.1X for both wired and wireless clients, using a Windows 8 client. You will also learn to use many of the new features, including AnyConnect 3.1, EAP-FAST, PEAP, BYOD, and EAP Chaining. You'll also see how the new Virtual Wireless Controller (vWLC) works to integrate with ISE along with advanced features within ISE.
Highlights include:
- Labs are written for ISE version 1.2
- You perform a patch upgrade and standard upgrade (1.2.1) in a distributed deployment
- EAP-FAST using Machine Authentication (EAP-TLS) and User Authentication (MSCHAPv2 aka Active Directory) configured
- Custom web pages configured for Quarantined users to indicate they are cut from the network
- NAM and Windows supplicant both configured in our labs
- You configure profiling feeds and profiling Logical Groups
- All our pods have been upgraded to Windows 2012 servers, Windows 8 VMs, ASA 5515-X, 3560X switch and much more
- This course includes both wired and wireless configurations and is therefore by far the most detailed fundamental-to-advanced course offered on ISE
- We have production notes spread throughout the guide to assist with deployments based on personal experiences with large channel partners
Skills Gained
- ISE deployment options including node types, personas, and licensing
- Install certificates into ISE using a Windows 2012 certificate authority (CA)
- Configure a distributed deployment
- Configure AAA clients and network device groups
- Configure local and remote identity stores and the use of sequence lists
- 802.1X for wired and wireless networks using the latest dot1x commands on a switch and version 7.6 of the vWLC:
- PEAP Authentication (GPO configuration)
- EAP-FAST Authentication (using EAP-TLS and MSCHAPv2 as inner methods)
- Extensible authentication protocol (EAP) chaining
- Service set identifier (SSID) matching in authorization policies using WLAN numbers and regular expressions
- Configure authorization and authentication policies to allow MAC Authentication Bypass endpoints
- Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
- Configure sponsored guest access
- Configure profiler services in ISE and use newer probes available in IOS switch code 15.x
- Profiling Feeds, Logical Profiles and building profiling conditions to match network endpoints
- Configure posture assessments using the Cisco next available agent (NAA) and live updates in ISE
- Configure web agent assessment for non-corporate assets
- Bring your own device (BYOD) for wired
- Maintenance, upgrading, and logging
Who Can Benefit
- End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE
- Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product
Prerequisites
- CCNA certification or equivalent level of experience configuring Cisco routers and switches
- Basic knowledge of IOS commands
- LAN security related concepts