Configure & Troubleshoot Cisco Identity Services Engine

Course Level: Intermediate.
Duration: 4 Days

Course Outline

This course guides through the practical application of Cisco Idenity Services Engine policy control system in Enterprise environment. Students will learn how to install and configure ISE main functionalities like 8021.X, MAC Authentication Bypass, Guest Access or BYOD process. Course is also focused on troubleshooting network access.

- Course organization
- Theory and Hands on labs approach
- 12 main LABS

Cisco ISE Overview

- ISE as a part of Cisco TrustSec
- ISE Architecture: nodes, functions, personas
- Deployment options
- Scaling Cisco ISE, resources estimation

Lab Topology overview

- Physical and logical topology description

Cisco ISE bootstrap and installation

- ISE network and deployment readiness
- Importance of certificates, NTP, DNS entries
- Certificate management
- Adding nodes to ISE deployment
- Active Directory integration
- Lab 1: ISE Bootstrap

Cisco ISE and NAD interaction

- NAD, client and ISE traffic flow
- 802.1X concepts (EAP protocols)
- Cisco Switch configuration as a NAD
- Cisco WLC configuration as a NAD
- Cisco ASA configuration as a NAD
- Testing ISE and NAD connections
- Lab 2: NAD configuration for WiFi
- Lab 3: NAD configuration for Wired access

AAA policies configuration

- Cisco ISE authentication process (AuthC)
- Authentication Conditions
- Authentication Profiles
- Internal and External Identity Sources
- Identity Sources Sequences
- Cisco ISE authorization process (AuthZ)
- Authorization Conditions
- Authorization Profiles
- Lab 4: Authentication components configuration for 802.1x
- Lab 5: Authorization components configuration for 802.1x
- Lab 6: Authentication and Authorization for Mac Authentication Bypass (MAB)

Cisco ISE Guest access

- Guest access design (PSN behavior, session stickiness, certificates)
- Guest portal configuration
- Authentication and Authorization
- Identity source sequence and authentication options
- Sponsor Portal
- Sponsor Authentication Sequence
- Sponsor role based oprations
- Lab 7: Guest portal configuration and verification
- Lab 8: AuthC and AuthZ for Guest Access

Profiling and BYOD operations

- Configuring profiling service
- Verify profiling
- Dual and Single SSID provisioning
- On-boarding behavior setup
- Certificate profiles preparation
- Onboarding verification
- Lab 9: Preparing BYOD components
- Lab 10: BYOD Configuring and verification

Posture Assessment

- Posture Client provisioning
- Tuning policies for Posture Compliance
- Configuring Posture policy
- Ensuring NAD configuration for posture operations
- Posture verification
- Lab 11: Preparing Posture components
- Lab 12: Configuring Posture for WiFi and Wired

Q&A and course summary

- BGP Q&A session
- Course summary

Register now

If you want to join the BGP training, please fill the online form below.

Grandmetric Ltd.

Mobile Networks, IP Networks, 5G, LTE Advanced, Research