Network Security Implementing and Configuring Cisco Identity Services Engine

Implementing and Configuring Cisco Identity Services Engine


Date of Class:


Last Day To Enroll:

3695.00 3,695.00

  • Course Delivery: Virtual Classroom

Chat Live | Contact Us | Toll Free: (888) 360-8764



The Implementing and Configuring the Cisco Identity Services Engine course provides security and consulting system engineers and administrators an intensive hands-on experience in setting up, deploying and managing the Cisco Identity Services Engine (ISE) version 1.3 to support authentication, authorization, accounting and policy-based networking for devices and users. You will walk through a complete install, configure the network and devices, and use ISE as a policy engine to protect the network. Hands-on labs include:

  • Installing Cisco ISE v1.3
  • Certificate Operations
  • Cisco ISE Node Deployment
  • Configure and Add Network Access Devices to Cisco ISE
  • Implementing ISE to support BYOD
  • Configuring Multiple Cisco ISE Policies
  • Configuring Cisco ISE Guest Services
  • Guest Services Self-Registration
  • Configuring Cisco ISE for Profiling
  • Configuring Cisco ISE for Posture Assessment
  • Cisco ISE Reporting
  • Working with Cisco ISE Monitoring and Troubleshooting

Who should attend

  • Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorization to sell Cisco ISE.
  • Field engineers, network administrators, and consulting systems engineers who implement and maintain the Cisco ISE in enterprise networks.
  • Security architects, design engineers, network designers and others seeking hands-on experience with the Cisco ISE.

Course Objectives

Course Objectives

  • Install Cisco ISE 1.3.
  • Understand the concepts of policy enforcement in a Cisco Network.
  • Configure Cisco ISE 1.3 for Guest Access, BYOD and MDM and Cisco ISE Compliance and Posture.
  • Understand the concepts of designing and implementation along with Cisco recognized best practices.

Follow On Courses

  • Implementing Cisco IP Routing v2.0 (ROUTE)
  • Implementing Cisco Edge Network Security Solutions (SENSS)
  • Implementing Cisco Secure Mobility Solutions (SIMOS)
  • Implementing Cisco Secure Access Solutions (SISAS)
  • Implementing Cisco Threat Control Solutions (SITCS)

Topics Covered

Detailed Course Outline

Module 1: Introducing the Cisco Secure Access Solution and ISE Platform Architecture

Lesson1: The Cisco Secure Access Solution

  • Standard Access Solution
  • Components of a Secure Access Solution
  • High-level client access, identifying the previously defined components—802.1X, MAB,
  • Web Authentication and VPN

Lesson 2: Cisco ISE as a Network Access Policy Engine

  • Components of an ISE deployment
  • ISE Functions (Access Policy, Guest Lifecycle Management, Profiling, Posture, BYOD, pxGrid, and so on.)

Lesson 3: Cisco ISE Policy Security Mechanisms

  • Context and Flexible Authentication
  • Access Point ACLs—dACLs, wACLs, and NAD Filters (Switch and VPN)
  • TrustSec
  • Mobile Device Management (MDM)

Lesson 4: Cisco TrustSec

  • The standard Network Security Policy model
  • Security Policy
  • The TrustSec security model
  • MACsec 802.1AE

Lesson 5: Installing Cisco ISE

  • Installation pre-requisites—DNS, NTP, VM, DISK I/O, and so on
  • Completing the setup process
  • Certificates used in ISE—client Auth/ Web portals: admin, sponsor and client

Lesson 6: Cisco ISE GUI Orientation

  • Navigate the top-level areas of the Cisco ISE GUI
  • Use navigation features of Cisco ISE GUI, such as hover, drill down, and pop-ups

Module 2: Cisco ISE Policy Enforcement

Lesson 1: 802.1X and MAB Access – Wired and Wireless

  • 802.1X access and it’s components
  • MAC Authentication Bypass
  • NAD Configuration
  • ISE Configuration for 802.1X and MAB
  • 802.1X and MAB connections

Lesson 2: Identity Management

  • Identity
  • Internal Identity Sources
  • External Identity Sources
  • Multi-AD Overview and Configuration
  • Identity Source Sequences (ISSs)

Lesson 3: Cisco ISE Policy Overview

  • Authentication and Authorization parts of the process
  • Dictionaries, Identity Sources, and ISSs
  • Authentication and its components
  • Authorization and its components
  • Exception policies and policy sets

Lesson 4: Cisco ISE Policy Sets

  • Configure, enable, and use Policy Sets
  • Global versus local exception processing

Module 3: Web Authentication

Lesson 1: Web Access with Cisco ISE

  • Different Web Access Portals in ISE
  • Guest Access, BYOD, WebAuth use cases
  • Web Access components and configuration

Lesson 2: WebAuth Configuration

  • ISE and NADs Configuration for WebAuth
  • Wired, Wireless, Converged Access requirements
  • WebAuth configuration

Module 4: Cisco ISE Guest Services

Lesson 1: Cisco ISE Guest Access Components

  • Guest Access Services
  • Guest Flow for Hotspot Access
  • Guest Flow for Self-Registered Access
  • Guest Flow for Self-Registered Access with Approval
  • Guest Flow for Sponsored Access
  • Multiple Guest Portals
  • ISE 1.3 Guest Enhancement

Lesson 2: Guest Access Settings

  • Guest Access Settings
  • Guest Account Purge Policy
  • Custom Fields
  • Guest Email Settings
  • Guest Locations and SSIDs
  • •Guest Password and Username Policy
  • SMS Gateway Settings
  • Guest Types

Lesson 3: Sponsors and Sponsor Portals

  • Sponsor Groups Overview and Settings
  • Sponsor Portal Customization
  • Guest Account via Desktop Sponsor Portal
  • Guest Account via Mobile Sponsor Portal
  • Manage Guest Account

Lesson 4: Cisco ISE Guest Portal Overview

  • Guest Portals
  • Hotspot Guest Portals
  • Self-Registration Guest Portals
  • Sponsored Guest Portal
  • Customize Guest Portals
  • Assign Portal in AuthZ Profiles

Lesson 5: Cisco ISE Guest Operations and Reports

  • New Monitoring Reports
  • New Guest Access Reports
  • New Guest Logging Messages
  • Home Page Guest Reports
  • Enhanced Debug Logs
  • Endpoint Purging

Module 5: Cisco ISE Profiler

Lesson 1: Introduction to Profiling

  • Information Sources
  • How Profiling Probes access the data
  • Profiling Probes
  • NADs for Profiling
  • Endpoint Identity Information

Lesson 2: Profiling Configuration on Cisco ISE

  • Profiler on Cisco ISE
  • Profiler Policies and Conditions
  • Profiler Configuration

Module 6: Cisco ISE BYOD and MDM

Lesson 1: Cisco ISE BYOD Process Overview

  • BYOD Components
  • BYOD Enhancements
  • BYOD Design

Lesson 2: BYOD Portal Selection

  • BYOD Portal Selection Process
  • Single-SSID BYOD Configuration
  • Dual-SSID BYOD Configuration

Lesson 3: My Devices Portal Settings

  • My Devices Portal Configuration
  • My Devices Portal End-user Experience

Lesson 4: Certificates in BYOD Scenarios

  • Local ISE CA Server and Local Certificates
  • Certificate Templates
  • Certificates Operations

Lesson 5: Describe MDM and ISE

  • MDM

Module 7: Cisco ISE Endpoint Compliance Services

Lesson 1: Endpoint Compliance – Posture Service Overview

  • Endpoint Compliance and Access
  • Compliance Components
  • Compliance MDM, AnyConnect, and NAC agents

Lesson 2: Client Provisioning in Cisco ISE

  • Client Provisioning Flows
  • Client Provisioning Settings
  • Client Provisioning Policy

Lesson 3: Mobile Client Provisioning in Cisco ISE

  • MDM
  • Cisco ISE integration with MDM servers
  • Mobile device agent provisioning

Lesson 4: Configuring Cisco ISE for Posture Compliance

  • Configuration of Posture Services
  • Authorization Policy Adjustments for Posture
  • Posture Reports

Module 8: Using Cisco ISE for VPN-based Services

Lesson 1: VPN Access Overview

  • AAA – External Authentication
  • Access Flows with Cisco ISE and ASA 9.2+
  • Access Flows with Cisco ISE and ASA Pre9.2

Lesson 2: Configuring Cisco ASA v9.2+ for VPN Access

  • ASA for VPN authentication via ISE
  • Add ASA as new NAD on ISE
  • Cisco ISE for Posture services
  • ASA v9.2+ for Posture services
  • Posture configuration on ASA and ISE

Lesson 3: Using Inline Posture Node for NADs without CoA Support

  • Inline Posture Node
  • Inline Posture processing flow
  • Routed and bridged modes of Inline Posture Node

Module 9: Cisco TrustSec

Lesson 1: Cisco TrustSec

  • SGA Overview
  • SXP and SGACLs Overview
  • SGFW Enforcement

Module 10: Cisco ISE Design

Lesson 1: Node Capabilities

  • Cisco ISE Deployment Types
  • Node Communications

Lesson 2: Failover and High Availability

  • Failover and High Availability Options
  • Network Infrastructure Requirements

Module 11: Cisco ISE Best Practices

Lesson 1: Best Practices

  • Deployment Best Practices
  • Certificates Best Practices
  • Profiling Best Practices
  • CWA Best Practices
  • Logging and Troubleshooting


  • Initial Configuration of Cisco ISE
  • Cisco ISE GUI Setup
  • Integrate Cisco ISE with Active Directory
  • Integrating Cisco ISE with a second Microsoft Active
  • Basic Policy Configuration
  • Conversion to Policy Sets
  • Configure Guest Access
  • Guest Access Operations
  • Guest Reports
  • Configuring Profiling
  • Customizing the Cisco ISE Profiling Configuration
  • ISE Profiling Reports
  • BYOD Configuration
  • Device Blacklisting
  • Compliance
  • Configuring Client Provisioning
  • Configuring Posture Policies
  • Testing and Monitoring Compliance-Based Access
  • Compliance Policy Testing
  • MDM Integration with Cisco ISE
  • MDM Access and Configuration
  • Client Access with MDM
  • Using Cisco ISE for VPN Access


  • CCNA or equivalent level of experience with Cisco infrastructures. The Course Interconnecting Cisco Network Devices Part 2, Version 2.0 (ICND2) provides the prerequisite knowledge
  • CCNA Security or equivalent level of experience with Cisco infrastructures. The course Implementing Cisco Network Security v3.0 (IINS) provides the prerequisite knowledge
  • Familiarity with Microsoft Windows and Microsoft Active Directory. Courses Active Directory Services with Windows Server (10969) and Administering Windows Server 2012 (20411) will provide the prerequisite knowledge. Administering Windows Server 2012 (20411)
  • Familiarity with 802.1X. The course Introduction to 802.1X Operations for Cisco Security Professionals (802.1X) provides the prerequisite knowledge

Subject Matter Expert


Got questions? Contact us below or call 877-881-2235

Why Choose

  • Fast and easy courses completion
  • Get an education faster than at traditional colleges!
  • 100% online - No classroom attendance required.
  • Unlimited 24x7 online customer support
  • Over 500,000+ certified nationwide.