IT4E Schedule 13939 Gold Circle Omaha NE 68144 402-431-5432 Course Number Course Name Course Description For Sales Chris Reynolds 402-963-4465 creynolds@it4e.com www.it4e.com SISE v1.1 SKY For Sales Kathy Hall 402-963-4466 khall@it4e.com Implementing and Configuring Cisco Identity Services Engine Implementing and Configuring Cisco Identity Services Engine (SISE v1.1) is a 5-day course based on Cisco Identity Services Engine (ISE) version 1.1.1, a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management, into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE. In addition to the normal content covered in the SISE v1.1 course, Skyline ATS has added several enhancements. Additional lecture material covering the Single & Dual Wireless SSID BYOD (Bring Your Own Device) configuration has been added to the course. Enhanced 'Real World' BYOD lab exercises using Mobile Devices (Apple ipads) has also been added. In addition to the BYOD enhancements, 'Real World' lab exercises covering MAB, 802.1x-Wired, 802.1 x-wireless, Web Authentication, Posture Assessment, & Profiling are also included. To participate in the hands-on labs in this class, you need to bring a laptop computer with the following: We recommend using at least a Pentium 4 or better and 1 GB of RAM or more. We recommend running Windows XP Professional SP3 or greater (Vista & Windows 7/8). Mac & Linux machines are also supported. All PCs require Internet Explorer 7 or greater, Mozilla FireFox, or Google Chrome. Note: When testing connectivity, Mozilla & Chrome may not be able to fully complete the tests as intended. All students should have administrator rights to their PCs. If you do not have administrator rights to your PC, you at least need permissions to download, install, and run Active-X controls in Internet Explorer or Cisco Any Connect Client. If you are participating in a WebEx event, you should have internet access served by at least a 512K link, a full T1 Connection is recommended. All PCs require the latest Java Runtime Environment, which can be downloaded from www.java.com. If you have any questions or issues with meeting the recommended requirements, please contact us at rlt@skyline-ats.com to discuss. Thursday, October 16, 2014 Page 1 of 5
Course Objective Upon completing this course, the learner will be able to meet these overall objectives: Describe Cisco ISE architecture, installation, and distributed deployment options Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE Implement Cisco ISE web authentication and guest services Deploy Cisco ISE profiling, posture and client provisioning services Describe administration, monitoring, troubleshooting, and TrustSec SGA security Course Audience The primary audience for this course is as follows: Employee Channel Partner or Reseller Customer Course Prerequisite The knowledge and skills that a learner must have before attending this course are as follows: CCNA Security certification Foundation-level network knowledge and skills necessary to install, configure, operate, and troubleshoot network devices and applications Foundation-level wireless knowledge and skills Basic knowledge of Cisco IOS networking and concepts Course Length Days 5 Associated Exam Number Module Details Price $3,750.00 Course Introduction Overview Course Goal and Objectives Course Flow Module 1: Cisco ISE Product Overview Lesson 1: Introducing the Cisco ISE Overview of Cisco TrustSec Overview of Cisco ISE Cisco ISE Architecture Cisco ISE Deployment Options Lesson 2: Getting Started with Cisco ISE Installing Cisco ISE Network Time Protocol Cisco ISE Certificates Monitoring Basics Configuring and Verifying Cisco ISE for Distributed Deployment Module 2: Cisco ISE Authentication and Authorization Lesson 1: Configuring Basic Access Thursday, October 16, 2014 Page 2 of 5
NAD Overview IEEE 802.1X Primer Cisco Switch Configuration Cisco WLC Configuration Cisco ASA Appliance Configuration Cisco ISE Authentication Process Internal Databases Simple Authentication Rule-Based Authentication Sessions in Cisco ISE Lesson 2: Understanding External Authentication External Authentication Process Active Directory Lightweight Directory Access Protocol RADIUS Certificates Identity Source Sequencing Authentication Support and Performance Lesson 3: Using Cisco ISE Dictionaries Overview of Cisco ISE Dictionaries Read-Only Dictionaries Administrable Dictionaries RADIUS Vendor Dictionaries Lesson 4: Configuring Authorization Authorization Policies and Components Authorization Policy Configuration Exception Policies Module 3: Web Authentication and User Access Management Lesson 1: Implementing Web Authentication Web Authentication Overview Configure Cisco ISE Web Authentication Verifying Web Authentication Lesson 2: Implementing Guest Services Guest Services Overview Preparing the Deployment Configuring Sponsor Portal Configuring Guest Portal Creating Guest Accounts Verifying Guest Accounts Module 4: Cisco ISE Profiler, Posture, and Endpoint Protection Services Lesson 1: Implementing Cisco ISE Profiler Service Profiler Service Overview Configuring Profiling on Cisco ISE Verifying Profiling Lesson 2: Implementing Cisco ISE Posture Service Thursday, October 16, 2014 Page 3 of 5
Posture Service Overview Configuring Cisco ISE for Client Provisioning Adapting the Authorization Policy for Posture Compliance Configuring the Posture System Settings Configuring the Posture Policy Verifying the Posture Service Lesson 3: Implementing Cisco ISE Endpoint Protection Services EPS Overview Configuring EPS Monitoring EPS Lesson 4: Implementing BYOD BYOD Overview Designing BYOD Dual SSID BYOD Design Device Onboarding User Experience Single SSID BYOD Configuration-Enhanced Dual SSID BYOD Configuration-Enhanced Module 5: Reports, Monitoring, Troubleshooting, and Security Lesson 1: Implementing Inline Posture and TrustSec Security Inline Posture Security Group Access MAC Security Lesson 2: Describing the Cisco ISE Architecture Cisco ISE Deployment Types Deploying Monitoring Personas Preparing the Network Infrastructure Lesson 3: Performing Cisco ISE Administration and Maintenance Role-Based Access Control Cisco ISE Licensing Backing Up and Restoring the System Configuration Lesson 4: Using Cisco ISE Reporting, Monitoring, and Troubleshooting Cisco ISE Dashboard Monitoring Implementing Logging Managing Alarms Cisco ISE Reports Troubleshooting the Network Backing Up and Restoring the Monitoring Database Lab Outline Lab 1-1: Completing the Initial Setup Configuration Lab 1-2: Certificate Operations Lab 1-3: Cisco ISE Node Deployment Lab 2-1: Configure and Add Network Access Devices to Cisco ISE Lab 2-2: Configure External Identity Sources Lab 2-3: Configuring Cisco ISE for MAC Authentication Bypass (MAB) Lab 2-4: Configuring Cisco ISE for Wired 802.1X Authentication Lab 2-5: Configuring Cisco ISE for Wireless 802.1X Authentication Thursday, October 16, 2014 Page 4 of 5
Lab 3-1: Configuring Cisco ISE for Web Authentication Lab 3-2: Configuring Cisco ISE Guest Services Lab 4-1: Configuring Cisco ISE for Profiling Lab 4-2: Configuring Cisco ISE for Posture Assessment Lab 4-3: Configuring Cisco ISE Endpoint Protection Services Lab 4-4: Configure Cisco ISE for Single SSID Wireless BYOD configuration Lab 5-1: Logging Setup Lab 5-2: Cisco ISE Reporting Lab 5-3: Working with Cisco ISE Monitoring and Troubleshooting Thursday, October 16, 2014 Page 5 of 5