• 100 Queen St W, Brampton, ON L6X 1A4, Canada
  • +1-800-961-0337
04/01/2019 04/05/2019
  • VLT
Live Online
04/29/2019 05/03/2019
  • VLT
Live Online
04/29/2019 05/03/2019
  • VLT
Live Online
05/20/2019 05/24/2019
  • VLT
Live Online
07/15/2019 07/19/2019
  • VLT
Live Online
09/16/2019 09/20/2019
  • VLT
Live Online
11/04/2019 11/08/2019
  • VLT
Live Online
12/16/2019 12/20/2019
  • VLT
Live Online

Implementing and Configuring Cisco Identity Services Engine (SISE v2.1)

Course Objectives

After finishing this course, the student will have the capacity to meet these general destinations:

  • Portray Cisco ISE design, establishment, and dispersed sending choices.
  • Arrange Network Access Devices (NADs), approach segments, and essential validation and approval strategies in Cisco ISE - Implement Cisco ISE web confirmation and visitor administrations.
  • Send Cisco ISE profiling, stance and customer provisioning administrations.
  • Portray organization, observing, investigating, and TrustSec SGA security.
  • Design gadget organization utilizing TACACS+ in Cisco ISE

Who Should Attend

The gathering of people for this course is as per the following:

  • ISE Administrators/Engineers
  • Remote Administrators/Engineers
  • Counseling Systems Engineers
  • Specialized/Wireless/BYOD/Security Solutions Architects
  • ATP accomplice frameworks and field engineers
  • Frameworks integrators who introduce and execute the Cisco Identity Service Engine adaptation 2.1

Implementing and Configuring Cisco Identity Services Engine (SISE v2.1)

Course Outline

Module 1: Introducing Cisco ISE Architecture and Deployment

Lesson 1: Using Cisco ISE as a Network Access Policy Engine

Cisco Identity Services Overview

Cisco Identity Solution Benefits

The Attack Continuum

Controlling Access to the Network

Security Challenges for IT Organizations

Concentrated Policy Management

Cisco Identity Solution Guest Use Case

Cisco Identity Solution BYOD Use Case

Cisco Identity Solution Profiling Use Case

Cisco Identity Solution Compliance Use Case

Cisco Identity Solution Security Group Access Use Case

Presenting the Components of a Cisco ISE Deployment

Secure Access Control

Portraying Cisco ISE Functions


Lesson 2: Introducing Cisco ISE Deployment Models

Presenting the Components of an ISE Deployment

Cisco ISE Nodes and Personas

Actualizing Nodes, Personas, and Roles

Administrator Node

Arrangement Service Node

Checking Node

pxGrid Services

Gatherer Agent

Arrangement Synchronization

Sending Options

Cisco ISE Communication Model

Presenting Context Visibility

Setting Visibility Benefits

Setting Visibility Wizard

Streamline Visibility Wizard


Lab 1: Configure Initial Cisco ISE setup, GUI Familiarization, framework testament use

Errand 1: Verify Cisco ISE setup utilizing CLI

Errand 2: Initial GUI login and Familiarization

Errand 3: Disable Profiling

Errand 4: Certificate enlistment

Module 2: Cisco ISE Policy Enforcement

Lesson 1: Introducing 802.1X and MAB Access: Wired and Wireless

IEEE 802.1X Primer

Macintosh Authentication Bypass

Review: Configure 802.1X and MAB


Lab 2: Integrate Cisco ISE with Active Directory

Errand 1: Configure Active Directory Integration

Errand 2: Configure LDAP Integration

Lesson 2: Introducing Identity Management

Personality Sources Overview

Interior Identity Sources

Outside Identity Sources

Multi-AD Overview and Configuration

Lightweight Directory Access Protocol



Personality Source Sequence


Lesson 3: Configuring Certificate Services

Testament Overview and Implementation

Confirmation Authority Services


Lesson 4: Introducing Cisco ISE Policy

Confirmation and Authorization Process

Word references, Identity Sources, and ISSs

Confirmation and Its Components

Approval and Its Components

Special case Policies and Policy Sets

Sessions in Cisco ISE


Lab 3: Configure Basic Policy on Cisco ISE

Errand 1: Policy Configuration for AD Employees and AD Contractors

Errand 2: Client Access – Wired

Errand 3: Client Access – Wireless

Errand 4: Network perceivability with Context Visibility

Lesson 5: Configuring Cisco ISE Policy Sets

Cisco ISE Policy Sets Overview

Worldwide versus Local Exception Processing

Lab 4: Configure Conversion to Policy Sets

Errand 1: Convert to Policy Set

Errand 2: Create Wired and Wireless Policy Sets

Errand 3: Creating a Global Exception

Errand 4: Testing Client Access Using Policy Sets

Lesson 6: Implementing Third-Party Network Access Device Support

Outsider NAD Support: Features and Workflows


Lesson 7: Introducing Cisco TrustSec

Presenting Cisco TrustSec

Lesson 8: Introducing EasyConnect

Simple Connect Overview

EasyConnect Modes and Flows

EasyConnect Configuration


Lab 5: Configure Access Policy for Easy Connect

Errand 1: Configure Cisco ISE to Support Easy Connect

Errand 2: Create Easy Connect Policy Sets

Errand 3: Test the Easy Connect Connection

Module 3: Web Auth and Guest Services

Lesson 1: Introducing Web Access with Cisco ISE

Web Authentication Overview

ISE Web Authentication Configuration Overview

Web Authentication Verification Overview


Lab 6: Configure Guest Access

Errand 1: Configure Guest Settings.

Errand 2: Configure Guest Locations.

Lesson 2: Introducing ISE Guest Access Components

Visitor Access Services Overview


Lesson 3: Configuring Guest Access Settings

Audit Guest Access Settings

Visitor Types Overview


Lab 7: Configure Guest Access Operations

Errand 1: Configure Cisco ISE visitor access with a hotspot entrance.

Assignment 2: Configure Cisco ISE visitor access for visitor self-enlistment. (Discretionary)

Assignment 3: Enable self-enlistment with support endorsement.

Errand 4: Create the records as a support (Optional).

Errand 5: Perform visitor account administration by means of the support entry.

Lesson 4: Configuring Portals: Sponsors and Guests

Cisco ISE Sponsor Components and Configuration

Lab 8: Create Guest Reports

Errand 1: Running Reports from Cisco ISE Dashboard

Module 4: Cisco ISE Profiler

Lesson 1: Introducing Cisco ISE Profiler

Prologue to the Profiler Service

Cisco ISE Probes

Profiling Policies


Lesson 2: Configuring Cisco ISE Profiling

Arrange Profiling on Cisco ISE Overview

Get ready for Profiling

Empower the Profiling Service

Profiling Probe Configuration

Arranging the Profiler Feed Service

Profiling Settings

Characterize Profiling Parameters

Arrange Profile Policies and Logical Profiles

NMAP Scan Actions

Go Live and Monitor


Lab 9: Configure Profiling

Errand 1: Configuring Profiling in Cisco ISE

Errand 2: Configure the Feed Service

Errand 3: Configuring Profiling in Cisco ISE

Errand 4: NAD Configuration for Profiling

Lab 10: Customize the Cisco ISE Profiling Configuration

Errand 1: Examine Endpoint Data

Errand 2: Create a Logical Profile

Errand 3: Creating a New Authorization Policy Using a Logical Profile

Errand 4: Create a Custom Profile Policy

Errand 5: Testing Authorization Policies with Profiling Data

Lab 11: Create Cisco ISE Profiling Reports

Assignment 1: Run Cisco ISE Profiler Feed Reports

Assignment 2: Endpoint Profile Changes Report

Assignment 3: Context Visibility Dashlet Reports

Module 5: Cisco ISE BYOD

Lesson 1: Introducing the Cisco ISE BYOD Process

BYOD Problem and Solutions

BYOD Design

Lesson 2: Describing BYOD Flow


Lesson 3: Configuring My Devices Portal Settings

My Devices Portal Configuration

My Devices Portal End-User Experience

Lesson 4: Configuring Certificates in BYOD Scenarios

Nearby ISE CA Server and Local Certificates

Cisco ISE Certificates Set Up Walk-through

Lab 12: Configure BYOD

Assignment 1: Portal Provisioning

Assignment 2: Provisioning Configuration

Assignment 3: Configuring Policy

Assignment 4: Employee iPad Registration

Lab 13: Blacklisting a Device

Assignment 1: Blacklisting a Device

Assignment 2: Lost Access Verification.

Assignment 3: Endpoint Record Observations

Assignment 4: UnBlacklist the Device

Assignment 5: Verify Access Capability

Assignment 6: Blacklisting a Stolen Device

Module 6: Cisco ISE Endpoint Compliance Services

Lesson 1: Introducing Endpoint Compliance

Endpoint Compliance

Stance Service

Stance Conditions

Consistence Module

Stance Flow

Cisco ISE Posture Agents

Stance Operational Modes

Stance Service Deployment and Licensing


Lab 14: Configure Compliance Services on Cisco ISE

Undertaking 1: Posture Preparation

Undertaking 2: Authorization Profiles

Undertaking 3: Adjusting Authorization Policy for Compliance

Lesson 2: Configuring Client Posture Services and Provisioning in Cisco ISE

Customer Provisioning

Stance Configuration Procedure

Get ready

Customer Provisioning Resources

Stance General Settings

Stance Policy

Customer Provisioning Portal

Customer Provisioning Policy

Extra Configuration Tasks


Lab 15: Configure Client Provisioning

Errand 1: Client Updates

Errand 2: Client Resources

Errand 3: Client Provisioning Policies

Lab 16: Configure Posture Policies

Assignment 1: Configure Posture Conditions

Assignment 2: Configuring Posture Remediation

Assignment 3: Configuring Posture Requirements

Assignment 4: Configuring Posture Policies

Lab 17: Test and Monitor Compliance Based Access

Assignment 1: AnyConnect Unified Agent Access

Assignment 2: Web Agent Access (Optional)

Lab 18: Test Compliance Policy

Assignment 1: Configure a Faulty Policy

Assignment 2: Use Posture Reports for Troubleshooting

Assignment 3: Using the Posture Troubleshooter

Assignment 4: Policy Correction and Testing

Module 7: Cisco ISE with AMP and VPN-Based Services

Lesson 1: Introducing VPN Access Using Cisco ISE

AAA – External Authentication

Utilizing Cisco ASA for VPN Authentication

VPN Access Configuration Overview


Lab 19: Configure Cisco ISE for VPN Access

Assignment 1: Preparing the Lab

Assignment 2: Testing VPN Client Access

Lesson 2: Configuring Cisco AMP for ISE

Danger Centric NAC Overview

Danger Centric NAC Configuration


Lab 20: Configure Threat-Centric NAC utilizing Cisco AMP

Assignment 1: Configuring the Cisco AMP Cloud

Assignment 2: Configuring Posture Policies and Conditions

Assignment 3: Configuring Posture, AMP and AnyConnect Profiles

Assignment 4: Enabling and Provisioning TC-NAC Services

Assignment 5: Verify Provisioning of AMP for Endpoints (Optional)

Module 8: Cisco ISE Integrated Solutions with APIs

Lesson 1: Introducing Location-Based Authorization

Presenting Location-Based Authorization

Lesson 2: Introducing Cisco ISE 2.x pxGrid

pxGrid Framework

pxGrid on Cisco ISE

Setting Up the Topic

Utilize Case: pxGrid for Rapid Threat Detection

Lab 21: Configure Cisco ISE pxGrid and Cisco WSA Integration

Assignment 1: Configuring Cisco ISE System Certificates for REST and pxGrid

Assignment 2: Preparing the Cisco WSA

Assignment 3: Configuring Security Groups, Authorization Policy, and Enabling pxGrid on ISE

Assignment 4: Enabling pxGrid on WSA

Assignment 5: WSA Identity and Access Policies (Optional)

Assignment 6: Testing Corporate PC (Optional)

Module 9: Working with Network Access Devices

Lesson 1: Configuring TACACS+ for Cisco ISE Device Administration

Survey TACACS+

Cisco ISE TACACS+ Device Administration

Arrange TACACS Device Administration

TACACS Device Administration Guidelines and Best Practices

Moving from Cisco ACS to Cisco ISE


Lab 22: Configure Cisco ISE for Basic Device Administration

Errand 1: Policy Configuration for AD Employees and AD Contractors

Lab 23: Configure TACACS+ Command Authorization

Errand 1: Configure Command Sets

Errand 2: TACACS+ Features

Module 10: Cisco ISE Design (Self-Study)

Lesson 1: Designing and Deployment Best Practices

Cisco ISE Planning and Pre-arrangement

Cisco ISE Sizing and Scaling Practices

Lesson 2: Performing Cisco ISE Installation and Configuration Best Practices

Cisco ISE Deployment Best Practices

ISE Certificates Best Practices

ISE Profiling Best Practices

Online interfaces Best Practices

Logging and Troubleshooting Best Practices

Lesson 3: Deploying Failover and High-Availability

PSN HA or Load Sharing

Sending Monitoring Personas

Setting up the Network Infrastructure

Module 11: Configuring Third Party NAD Support


Lesson 1: Configuring Third-Party NAD Support (Optional, Self-Study, or Reference)

Arranging Third-Party NAD Support



The student is relied upon to have the accompanying aptitudes and learning before going to this course:

  • Recognition with Cisco IOS CLI
  • Recognition with Cisco ASA
  • Recognition with Cisco VPN customers
  • Recognition with MicroSoft Windows Operating Systems
  • Recognition with 802.1X