Takaisin

Cisco ISE Essentials

UPDATED AGENDA! Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform. The course goal is to give users basic information and skills to install and operate Cisco Identity Services Engine (ISE). 

Target group: Technical staff

Course type: Lectures and technical exercises. Lectures are in Finnish and materials in English.

We will take max 8 attendants per course.

 

 

Introduction to Cisco ISE

  • Identity & access control benefits
  • ISE personas
  • Appliances and virtual models
  • Deployment and redundancy models
  • Scalability issues

ISE installation and basic operations

  • Appliance installation guidelines
  • Virtual appliance installation guidelines
  • Verifying platform properties
  • Network requirements
  • Creating and installing certificates
  • Selecting services (session, profiling etc.)
  • Initial configuration guidelines
  • Setting up visibility
  • ISE upgrades and maintenance packages

Lab: ISE installation & patching

Lab: Certificate installation

Lab: ISE basic configuration

802.1X basics

  • 802.1X background
  • PKI basics
  • Extensible Authentication Protocol (EAP)
  • EAP variants
  • Supplicant information
  • MACSEC with 802.1X
  • User identity sources

Lab: Setting up AD connection

Setting up 802.1X in wired/wireless environment

  • IBNS 2.0
  • 802.1X identities
  • Operational modes
  • Authentication modes and chaining
  • Non-802.1X clients
  • Auhorization possibilities
  • Configuring policy on ISE
  • Authentication fallback
  • Configuring WLC

Lab: Configuring wired 802.1X

Lab: Configuring wireless 802.1X

Guest networking

  • What is guest networking?
  • Local and central web authentication
  • Using PSK / WPA3 OWA

Lab: Configuring wireless guest networking

Profiling endpoints with ISE

  • What is profiling
  • Device types
  • Profiling probes
  • Device sensor
  • IoT devices (MUD)
  • Profiling configuration

Lab: Profiling IoT device

Cisco TrustSec

  • What is TrustSec?
  • Security/Scalable Group Tag
  • Forwarding SGT information within the network
  • SGT Exchange Protocol (SXP)
  • Configuring SGT in ISE

Lab: Configuring SGTs

Lab: Configuring SGT policies

Lab: Configuring policy sets for SGT usage

Integrating ISE with other components

  • pxGrid
  • ISE and Cisco DNA Center
  • ISE and Cisco StealthWatch
Näytä lisää Sulje
Ilari Karppinen Consultant, Network & Security Tämä sähköpostiosoite on suojattu spamboteilta. Tarvitset JavaScript-tuen nähdäksesi sen.