Cisco Identity Services Engine (ISE) is a network-based Access Control and Policy Enforcement Platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations. The unique architecture of Cisco ISE allows enterprises to gather real-time contextual information from network devices (NADs), users and devices (Endpoints), the administrator can then use that information to make proactive governance decisions and enforce policies by tying identity to various network elements including access switches, wireless LAN controllers (WLCs), virtual private network (VPN) gateways, and data center switches. Cisco ISE is a key component of the Cisco Security Group Access Solution.
In this Test Drive we will discuss the key requirements customers have when looking for an Access Control System. We will discuss in depth the advantages the Cisco ISE solution offers such as full lifecycle Guest Access, Profiling and Visibility, Talos, Px Grid, etc. We will also focus on new features such as Cisco Software Defined Access and the integration with Cisco DNA Center. We will setup and test a demo solution to show the features of ISE with real life equipment.
Prerequisites:
The knowledge and skills that a learner should have before attending this course are as follows:
- Familiarity with Cisco Networks
Course Objectives:
Upon successful completion of this course, students will be able to meet these overall objectives:
- Configure and customize ISE
- Understand the need for and configure MAB, 802.1X, and WebAuth
- Discuss Visibility, Profiling, and Context from a network security perspective
- Explain and demonstrate Easy Connect & Secure Access for active/passive identity authorization of users/devices to the network
- Explain how Guest methods, flows, and customization options provide greater network security and management
- Examine BYOD options with single and dual SSIDs
- Understand TrustSec and how it is used for role-based segmentation in ISE and SD-Access
- Discuss Third-Party Network Devices and how ISE can enforce secure access policies without Cisco infrastructure
- Understand how to migrate to ISE and license ISE features
- Understand how and where customers can get help from the Cisco ISE team
Course Outline:
- Cisco ISE Fundamentals
- What’s New in 3.x
- Visibility, Profiling, & Context
- Passive Identity and Easy Connect
- Secure Access
- Guests Access
- Bring Your Own Device (BYOD)
- Segmentation with TrustSec
- ISE and DNA Center
- Talos Integration
- Licensing
- ISE Design and Deployment
- Resources
Hands-on Labs Included
The primary audience for this course is as follows:
- Technical Professionals Interested in ISE
- System Administrators
- Professionals Specializing in Security or Enterprise Networks