After taking this course, you should be able to:

• Describe Cisco ISE deployments, including core deployment components and how they interact to create a cohesive security architecture. Describe the advantages of such a deployment and how each Cisco ISE capability contributes to these advantages
• Describe concepts and configure components related to 802.1X and MAC Authentication Bypass (MAB) authentication, identity management, and certificate services
• Describe how Cisco ISE policy sets are used to implement authentication and authorization, and how to leverage this capability to meet the needs of your organization
• Describe third-party Network Access Devices (NADs), Cisco TrustSec®, and Easy Connect
• Describe and configure web authentication, processes, operation, and guest services, including guest access components and various guest access scenarios
• Describe and configure Cisco ISE profiling services, and understand how to monitor these services to enhance your situational awareness about network-connected endpoints. Describe best practices for deploying this profiler service in your specific environment
• Describe BYOD challenges, solutions, processes, and portals. Configure a BYOD solution, and describe the relationship between BYOD processes and their related configuration components. Describe and configure various certificates related to a BYOD solution
• Describe the value of the My Devices portal and how to configure this portal

Introducing Cisco ISE Architecture and Deployment

• Using Cisco ISE as a Network Access Policy Engine
• Cisco ISE Use Cases
• Describing Cisco ISE Functions
• Cisco ISE Deployment Models
• Context Visibility

Cisco ISE Policy Enforcement

• Using 802.1X for Wired and Wireless Access
• Using MAC Authentication Bypass for Wired and Wireless Access
• Introducing Identity Management
• Configuring Certificate Services
• Introducing Cisco ISE Policy
• Implementing Third-Party Network Access Device Support
• Introducing Cisco TrustSec
• Cisco TrustSec Configuration
• Easy Connect

Web Authentication and Guest Services

• Introducing Web Access with Cisco ISE
• Introducing Guest Access Components
• Configuring Guest Access Settings
• Configuring Sponsor and Guest Portals

Cisco ISE Profiler

• Introducing Cisco ISE Profiler
• Profiling Deployment and Best Practices

Cisco ISE BYOD

• Introducing the Cisco ISE BYOD Process
• Describing BYOD Flow
• Configuring the My Devices Portal
• Configuring Certificates in BYOD Scenarios

Cisco ISE Endpoint Compliance Services

• Introducing Endpoint Compliance Services
• Configuring Client Posture Services and Provisioning in Cisco ISE

Working with Network Access Devices

• Review TACACS+
• Cisco ISE TACACS+ Device Administration
• Configure TACACS+ Device Administration
• TACACS+ Device Administration Guidelines and Best Practices
• Migrating from Cisco ACS to Cisco ISE

Lab outline

• Access the SISE Lab and Install ISE 2.4
• Configure Initial Cisco ISE Setup, GUI Familiarization, and System Certificate Usage
• Integrate Cisco ISE with Active Directory
• Configure Cisco ISE Policy
• Configure Access Policy for Easy Connect
• Configure Guest Access
• Configure Guest Access Operations
• Create Guest Reports
• Configure Profiling
• Customize the Cisco ISE Profiling Configuration
• Create Cisco ISE Profiling Reports
• Configure BYOD
• Blacklisting a Device
• Configure Cisco ISE Compliance Services
• Configure Client Provisioning
• Configure Posture Policies
• Test and Monitor Compliance-Based Access
• Test Compliance Policy
• Configure Cisco ISE for Basic Device Administration
• Configure TACACS+ Command Authorization

• Network security engineers
• ISE administrators
• Wireless network security engineers
• Cisco integrators and partners

To fully benefit from this course, you should have the following knowledge:

• Familiarity with the Cisco IOS® Software Command-Line Interface (CLI)
• Familiarity with Cisco AnyConnect® Secure Mobility Client
• Familiarity with Microsoft Windows operating systems
• Familiarity with 802.1X

Recommended Cisco offerings that may help you meet these prerequisites:

• Cisco CCNP® Security Certification training
• Introduction to 802.1X Operations for Cisco Security Professionals (802.1X)