Implementing and Configuring the Cisco Identifiy Services Engine

Formation intra-entreprise

À qui s'adresse la formation?

  • Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorization to sell Cisco ISE
  • Field engineers, network administrators, and consulting systems engineers who implement and maintain the Cisco ISE in enterprise networks
  • Security architects, design engineers, network designers and others seeking hands-on experience with the Cisco ISE
  • Security architects, design engineers, and others seeking hands-on experience with Cisco ISE

Niveau atteint

Avancé

Durée

5,00 jour(s)

Langues(s) de prestation

EN

Prochaine session

Prérequis

  • CCNA or equivalent level of experience with Cisco infrastructures. The Course Interconnecting Cisco Network Devices Part 2 (ICND2) provides the prerequisite knowledge
  • CCNA Security or equivalent level of experience with Cisco infrastructures. The course Implementing Cisco IOS Network Security (IINS) provides the prerequisite knowledge
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X. The course Introduction to 802.1X Operations for Cisco Security

Objectifs

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe Cisco ISE architecture, installation, and distributed deployment options
  • Configure Network Access Devices, Policy Components and Basic Authentication and Authorization Policies in Cisco ISE
  • Implement Cisco ISE web authentication and guest services
  • Deploy Cisco ISE profiling and posture service
  • Describe administration, monitoring, troubleshooting, and TrustSec SGA security

Contenu

The Implementing and Configuring the Cisco Identity Services Engine course provides security and system engineers and administrators an intensive hands-on experience in architecting, setting up, deploying and managing the Cisco Identity Services Engine (ISE) to support authentication, authorization, accounting and policy-based networking for devices and users. Students will walk through a complete install, configure the network and devices, and use ISE as a policy engine to protect the network. Hands-on labs include:

  • Installing the Cisco ISE
  • Certificate Operations
  • Cisco ISE Node Deployment
  • Configure and Add Network Access Devices to Cisco ISE
  • Implementing ISE to support BYOD
  • Configuring Multiple Cisco ISE Policies
  • Configuring Cisco ISE Guest Services
  • Guest Services Self-Registration
  • Configuring Cisco ISE for Profiling
  • Configuring Cisco ISE for Posture Assessment
  • Cisco ISE Reporting
  • Working with Cisco ISE Monitoring and Troubleshooting
MODULE 1: Cisco ISE Product Overview

Lesson 1: Introducing the Cisco ISE

  • Overview of Cisco TrustSec
  • Overview of Cisco ISE
  • Cisco ISE Architecture
  • Cisco ISE Deployment Options

Lesson 2: Getting Started with Cisco ISE

  • Installing Cisco ISE
  • Network Time Protocol
  • Cisco ISE Certificates
  • Monitoring Basics
  • Configuring and Verifying Cisco ISE Distributed Deployment

Lab 1-1: Installing the Cisco ISE
Lab 1-2: Certificate Operations
Lab 1-3: Cisco ISE Node Deployment

MODULE 2: Cisco ISE Authentication and Authorization

Lesson 1: Configuring Basic Access

  • NAD Overview
  • IEEE 802.1X Primer
  • Cisco Switch Configuration
  • Cisco WLC Configuration
  • Cisco ASA Appliance Configuration
  • Cisco ISE Authentication Process
  • Internal Databases
  • Simple Authentication
  • Rule-Based Authentication
  • Sessions in Cisco ISE

Lesson 2: Understanding External Authentication

  • External Authentication Process
  • Active Directory
  • Active Directory
  • Lightweight Directory Access Protocol
  • RADIUS
  • Certificates
  • Identity Source Sequencing
  • Authentication Support and Performance

Lab 2-1: Configure and Add Network Access Devices to Cisco ISE
Lab 2-2: Configure External Identity Sources

Lesson 3: Using Cisco ISE Dictionaries

  • Overview of Cisco ISE Dictionaries
  • Read-Only Dictionaries
  • Administrable Dictionaries

Lab 2-3: Examine Cisco ISE Dictionaries

Lesson 4: Configuring Authorization

  • Authorization Policies and Components
  • Authorization Policy Configuration
  • Exception Policies

Lab 2-4: Basic Cisco ISE Policies
Lab 2-5: Configuring Multiple Cisco ISE Policies

MODULE 3: Web Authentication and User Access Management

Lesson 1: Implementing Web Authentication

  • Web Authentication Overview
  • Configuring ISE Web Authentication
  • Verifying Web Authentication

Lesson 2: Implementing Guest Services

  • Guest Service Overview
  • Preparing the Deployment
  • Configuring Sponsor Portal
  • Configuring Guest Portal
  • Creating Guest Accounts
  • Verifying Guest Accounts

Lab 3-1: Configuring Cisco ISE Guest Services
Lab 3-2: Guest Services Self-Registration

MODULE 4: Cisco ISE Profiler, Posture, and Endpoint Protection Services

Lesson 1: Implementing Cisco ISE Profiler Service

  • Profiler Service Overview
  • Configuring Profiling on Cisco ISE
  • Verifying Profiling

Lab 4-1: Configuring Cisco ISE for Profiling

Lesson 2: Implementing Cisco ISE Posture Service

  • Posture Service Overview
  • Configuring Cisco ISE for Client Provisioning
  • Adapting the Authorization Policy for Posture Compliance
  • Configuring the Posture System Settings
  • Configuring the Posture Policy
  • Verifying the Posture Service

Lab 4-2: Configuring Cisco ISE for Posture Assessment

Lesson 3: Implementing Cisco ISE Endpoint Protection Services

  • EPS Overview
  • Configuring EPS
  • Monitoring EPS

Lab 4-3: Endpoint Protections Services

Lesson 4: Implementing BYOD

  • BYOD Overview
  • Designing BYOD
  • Dual SSID BYOD Design
  • Device Onboarding User Experience

Lab 4-4: BYOD

MODULE 5: Reports, Monitoring, Troubleshooting, and Security

Lesson 1: Implementing Inline Posture and TrustSec Security

  • Inline Posture
  • Security Group Access
  • MAC Security

Lesson 2: Describing the Cisco ISE Architecture

  • Cisco ISE Deployment Types
  • Deploying Monitoring Personas
  • Preparing the Network Infrastructure

Lesson 3: Performing Cisco ISE Administration and Maintenance

  • Role-Based Access Control
  • Cisco ISE Licensing
  • Backing Up and Restoring the System Configuration

Lesson 4: Using Cisco ISE Reporting, Monitoring, and Troubleshooting

  • Cisco ISE Dashboard Monitoring
  • Implementing Logging
  • Managing Alarms
  • Cisco ISE Reports
  • Troubleshooting the Network
  • Backing Up and Restoring the Monitoring Database

Lab 5-1: Logging Setup
Lab 5-2: Cisco ISE Reporting
Lab 5-3: Working with Cisco ISE Monitoring and Troubleshooting
Lab 5-4: Patching Cisco ISE
Lab A-1: GUI Orientation
Lab A-2: Admin Access

Ces formations pourraient vous intéresser

EN
Journée
Télécommunication - Réseau télécom - Réseau informatique