• Classroom
Course Description

This course is geared towards students who have no prior knowledge of ISE and 802.1X. The ISE product is Cisco’s flagship security product, intended to replace several major current products, including NAC Servers and Managers, NAC Profiler, Guest Server, Profiler, and the Cisco Secure Access Control Server (ACS).

In this course with enhanced hands—on labs, you will cover the Cisco Identity Services Engine (ISE) version 1.1.1, a next generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on—boarding, and guest management. You will gain the knowledge and skills needed to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

You will learn how to perform a fundamental installation of ISE and how to configure identity—based networks using 802.1X for both wired and wireless clients, using a Windows 7 client. You will also learn to use many of the new features, including AnyConnect 3.1, EAP—FAST, PEAP, BYOD, and EAP Chaining. You’ll also see how the new Virtual Wireless Controller (vWLC) works to integrate with ISE along with advanced features within ISE.

Learning Objectives

ISE deployment options including node types, personas, and licensing
Install certificates into ISE using a Windows 2008 certificate authority (CA)
Configure AAA clients and network device groups
Configure local and remote identity store and use of sequence lists
802.1X for wired and wireless networks using the latest dot1x commands on a switch and version 7.3 of the vWLC:
PEAP Authentication (GPO configuration)
EAP—FAST Authentication
Extensible authentication protocol (EAP) chaining
Service set identifier (SSID) matching in authorization policies
Configure authorization and authentication policies to allow MAC Authentication Bypass endpoints
Use central web authentication (CWA) for redirection of legitimate domain users who need to register devices on the network using MAC addresses (device registration)
Configure sponsored guest access
Configure profiler services in ISE and use newer probes available in IOS switch code 15.x
Configure posture assessments using the Cisco next available agent (NAA) and offline updates in ISE
Configure web agent assessment for non—corporate assets
Bring your own device (BYOD) using single SSID and dual SSID modes
Maintenance, upgrading, and logging

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.