Cisco ISE Essentials

UPDATED AGENDA! Cisco Identity Services Engine (ISE) is a next-generation identity and access control policy platform. The course goal is to give users basic information and skills to install and operate Cisco Identity Services Engine (ISE). 

Target group: Technical staff

Course type: Lectures and technical exercises. Lectures are in Finnish and materials in English.

We will take max 8 attendants per course.



Introduction to Cisco ISE

  • Identity & access control benefits
  • ISE personas
  • Appliances and virtual models
  • Deployment and redundancy models
  • Scalability issues

ISE installation and basic operations

  • Appliance installation guidelines
  • Virtual appliance installation guidelines
  • Verifying platform properties
  • Network requirements
  • Creating and installing certificates
  • Selecting services (session, profiling etc.)
  • Initial configuration guidelines
  • Setting up visibility
  • ISE upgrades and maintenance packages

Lab: ISE installation & patching

Lab: Certificate installation

Lab: ISE basic configuration

802.1X basics

  • 802.1X background
  • PKI basics
  • Extensible Authentication Protocol (EAP)
  • EAP variants
  • Supplicant information
  • MACSEC with 802.1X
  • User identity sources

Lab: Setting up AD connection

Setting up 802.1X in wired/wireless environment

  • IBNS 2.0
  • 802.1X identities
  • Operational modes
  • Authentication modes and chaining
  • Non-802.1X clients
  • Auhorization possibilities
  • Configuring policy on ISE
  • Authentication fallback
  • Configuring WLC

Lab: Configuring wired 802.1X

Lab: Configuring wireless 802.1X

Guest networking

  • What is guest networking?
  • Local and central web authentication
  • Using PSK / WPA3 OWA

Lab: Configuring wireless guest networking

Profiling endpoints with ISE

  • What is profiling
  • Device types
  • Profiling probes
  • Device sensor
  • IoT devices (MUD)
  • Profiling configuration

Lab: Profiling IoT device

Cisco TrustSec

  • What is TrustSec?
  • Security/Scalable Group Tag
  • Forwarding SGT information within the network
  • SGT Exchange Protocol (SXP)
  • Configuring SGT in ISE

Lab: Configuring SGTs

Lab: Configuring SGT policies

Lab: Configuring policy sets for SGT usage

Integrating ISE with other components

  • pxGrid
  • ISE and Cisco DNA Center
  • ISE and Cisco StealthWatch
Näytä lisää Sulje
Ilari Karppinen Consultant, Network & Security Tämä sähköpostiosoite on suojattu spamboteilta. Tarvitset JavaScript-tuen nähdäksesi sen.

Ilmoittaudu kurssille


Palvelussa voidaan käsitellä Elisan tietosuojaperiaatteissa kuvattuja henkilötietoja, kuten esimerkiksi nimi, yhteystiedot ja palvelun käyttöön liittyvät tiedot. Elisa on palvelussa käsiteltävien henkilötietojen osalta tietosuojalainsäädännössä tarkoitettu henkilötietojen rekisterinpitäjä.

Elisa käsittelee rekisterinpitäjänä henkilötietoja kulloinkin voimassaolevien tietosuojaperiaatteiden mukaisesti (https://elisa.fi/sopimusehdot) ja (https://elisa.fi/tietosuoja).

Elisalla on oikeus käyttää palveluiden tuottamisessa ja henkilötietojen käsittelyssä alihankkijoita.


When using the service, the following types of personal information may be handled; name and contact information, employee information and other information from the client company, end user information, information related to use of the service and customer satisfaction information. This information is needed for the maintenance and development of the service. In terms of the personal information being handled, the customer is the controller as intended in information protection legislation and the service provider is the handler.

The customer's personal information is to be handled in the manner outlined in the agreement and this service description in order to provide and develop the services. Any other handling of the customer's personal information and its effect on costs in accordance with the General Data Protection Regulation are to be agreed upon separately between the parties to the agreement.

The provider or their subcontractor may collect data for the maintenance, improvement or analysis of the service. The provider reserves the right to use subcontractors in the production of their services and sub-handlers in the handling of personal information. The customer has the right to receive information on the provider's subcontractors and sub-handlers upon request.