This course is geared towards students who have no prior knowledge of ISE and 802.1X. The ISE product is Cisco’s flagship security product, intended to replace several major current products, including NAC Servers and Managers, NAC Profiler, Guest Server, Profiler, and the Cisco Secure Access Control Server (ACS).
In this course with enhanced hands-on labs, you will cover the Cisco Identity Services Engine (ISE) version 1.1.1, a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management. You will gain the knowledge and skills needed to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.
You will learn how to perform a fundamental installation of ISE and how to configure identity-based networks using 802.1X for both wired and wireless clients, using a Windows 7 client. You will also learn to use many of the new features, including AnyConnect 3.1, EAP-FAST, PEAP, BYOD, and EAP Chaining. You’ll also see how the new Virtual Wireless Controller (vWLC) works to integrate with ISE along with advanced features within ISE.
Learning Objectives
- ISE deployment options including node types, personas, and licensing
- Install certificates into ISE using a Windows 2008 certificate authority (CA)
- Configure AAA clients and network device groups
- Configure local and remote identity store and use of sequence lists
- 802.1X for wired and wireless networks using the latest dot1x commands on a switch and version 7.3 of the vWLC:
  - PEAP Authentication (GPO configuration)
  - EAP-FAST Authentication
  - Extensible authentication protocol (EAP) chaining
  - Service set identifier (SSID) matching in authorization policies
- Configure authorization and authentication policies to allow MAC Authentication Bypass endpoints
- Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
- Configure sponsored guest access
- Configure profiler services in ISE and use newer probes available in IOS switch code 15.x
- Configure posture assessments using the Cisco next available agent (NAA) and offline updates in ISE
- Configure web agent assessment for non-corporate assets
- Bring your own device (BYOD) using single SSID and dual SSID modes
- Maintenance, upgrading, and logging
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Network Services
- Systems Administration
- Systems Analysis
- Technology R&D
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.