Cisco Identity Services Engine Essentials
In this course, you will learn about the Cisco Identity Services Engine (ISE) a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x and MAB. The training provides learners with the knowledge and skills to implement 802.1X and MAB for wired and wireless endpoints. The class focuses on configuring Network Access Devices (IOS switches, and Wireless Lan Controllers) with commands necessary for ISE integration. The class also covers configuration of endpoints to use the native Microsoft supplicant with PEAP and EAP-TLS, as well as the Cisco NAM supplicant with EAP-FAST. Time is taken to explore Microsoft Active Directory group policy for endpoint configuration, and to cover integration of an enterprise CA for certificate based authentication.
This course is an intensive hands-on experience. With enhanced hands-on labs, you will setup and patch an ISE node, and use and enterprise CA to configure certificate services for use in a distributed deployment. You will integrate ISE with Active Directory and configure Group Policy to automatically enroll endpoints with an enterprise CA for TLS based authentication. You will configure and test AAA and 802.1X on an IOS switch using classical commands to integrate with ISE. You will migrate and test an IOS switch configuration to use the new-mode IBNS 2.0 Cisco Common Classification Policy Language (C3PL). You will configure and test a Cisco Wireless LAN Controller (WLC) with advanced ISE features. The class also covers the new ISE 2.3 conditions studio and its use in Policy Sets for Authentication/Authorization rules, Profiling of endpoints on the network, and Device Administration using TACACS+.
Objetivos
Implement Best Practices for Designing and Deploying a Distributed Cisco ISE Solution
Install certificates into ISE using a Windows 2012 Certificate Authority (CA)
Configure the Local and Active Directory Based Identity Store and use of Identity Source Sequences
Implement Best Practices for configuring a Cisco IOS Switch for use with ISE
Migrate an existing Cisco IOS Switch configuration to New-Mode Cisco Common Classification Policy Language (C3PL)
Implement Best Practices for configuring a Cisco Wireless LAN Controller (WLC) for use with ISE
Configure Policy Sets and Network Access Devices in ISE
Implement & Test 802.1X in ISE for wired PEAP, EAP-FAST & EAP-TLS Supplicants
Implement & Test 802.1X in ISE for wireless EAP-FAST & EAP-TLS Supplicants
Implement & Test MAC Authentication Bypass (MAB) in ISE for wired and wireless endpoints
Turn on Endpoint Profiling and use it to identify popular endpoints such as Windows and Apple iOS devices.
Implement TACACS+ for Switch and WLC Device Administration
Ciberseguridad
Disponible en formato e-learning
Disponible en formato presencial
Disponible en formato a distancia
Descargar la información del curso
Subvención disponible
A través de Fundae, cumpliendo requisitos.
Duración
15 horas
- Dificultad 50%
- Nivel alcanzado 80%
Dirigido a
Consulting systems engineers; Technical solutions architects; Integrators who install and implement the Cisco ISE version 2.3; End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE 2.3. Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product
Conocimientos requeridos
Attendees should meet the following prerequisites:
CCNA Security or equivalent level of experience with Cisco devices (ICND1 +IINS)
Foundation-level wireless knowledge and skills
Familiarity with Microsoft Windows and Microsoft Active Directory
Familiarity with 802.1X
Familiarity with Cisco ASA
Familiarity with Cisco AnyConnect Secure Mobility Client
Temario
Cisco ISE Architecture and Deployment
Cisco ISE Features Overview
PKI in an ISE deployment
Cisco ISE Deployment Models
Cisco ISE Identity Management
Configuring Cisco ISE Internal Identity Sources
Configuring Cisco ISE External Identity Sources
Configuring Endpoints for Certificate Based Authentication
Cisco ISE Policy Enforcement
Registering Network Access Devices in Cisco ISE
Working with ISE Dictionaries
Configuring Cisco ISE Policy Sets
Using the Cisco ISE Conditions Studio to Configure Policy Elements
Creating Downloadable ACLs and Authorization Profiles
Configuring Authentication Policy Rules including Identity Source and Allowed Protocols
Configuring Authorization Policy Rules including conditions and authorization profiles
Introducing Wired and Wireless 802.1X and MAB
Overview of 802.1X Including Commonly implemented Extensible Authentication Protocols (EAPs)
Configuring a Cisco IOS Switch using Identity-Based Network Services (IBNS) commands for integration with ISE including
Configure and Test 802.1x supplicant parameters on a wired endpoint using PEAP and EAP-TLS
Migrating to IBNS 2.0 Cisco Common Classification Policy Language (C3PL) commands on a Cisco Switch
Configure and Test 802.1x supplicant parameters on a wired endpoint using EAP-FAST
Configuring a Cisco WLC for integration with ISE from the WLC CLI and GUI
Configure and Test 802.1x supplicant parameters on a wireless endpoint using EAP-FAST and EAP-TLS
Implement and Test MAC Authentication Bypass in ISE for non-supplicant Endpoints
Cisco ISE Profiler for Endpoint Discovery and Classification
Configuring Profiler Probes
Working with the Profiler Feed Service
Implementing Profiler Policy and Identity Groups
Using Profiler Logical Profiles
Cisco ISE TACACS+ for wired and wireless Device Administration
Configuring TACACS Policy Sets
Working with Identity Sources for Authentication
Configuring Shell Profiles and Command Sets for Authorization
Performing Wired and Wireless Device Administration
Labs:
Lab 1: Setup an ISE Node and Configure Certificates
Lab 2: Register an ISE Node in a Distributed Deployment
Lab 3: Integrate ISE with Active Directory
Lab 4: Configure Endpoints for Certificate Based Authentication
Lab 5: Register NADs and Configure ISE Policy
Lab 6: Configure an IOS Switch and Test Wired PEAP and EAP-TLS
Lab 7: Migrate a Switch to IBNS 2.0 (C3PL) and Test Wired EAP-FAST
Lab 8: Configure a WLC and Test Wireless EAP-FAST
Lab 9: Implement MAC Authentication Bypass (MAB)
Lab 10: Configure and Test Endpoint Profiling
Lab 11: Implement TACACS+ for Switches and WLCs
Comentarios recientes