> > > SISE

Implementing and Configuring Cisco Identity Services Engine (SISE)

Course Description Schedule Course Outline

Student Testimonials

"Excellent entry level course for new hires. Also, good refresher course for more experienced technicians."
- John Wray

About this Course

The Implementing and Configuring the Cisco Identity Services Engine course provides security and consulting system engineers and administrators an intensive hands-on experience in setting up, deploying and managing the Cisco Identity Services Engine (ISE) to support authentication, authorization, accounting and policy-based networking for devices and users. You will walk through a complete install, configure the network and devices, and use ISE as a policy engine to protect the network. Hands-on labs include:

  • Introducing the Cisco Secure Access Solution and ISE Platform Architecture
  • Cisco ISE Policy Enforcement
  • Web Authentication
  • Cisco ISE Guest Services
  • Cisco ISE Profiler
  • Cisco ISE BYOD and MDM
  • Cisco ISE Endpoint Compliance Services
  • Using Cisco ISE for VPN-Based Services
  • Cisco TrustSec
  • Cisco ISE Design
  • Cisco ISE Best Practices
  • Labs

Who should attend

  • Cisco Channel Partner SEs and FEs that are seeking to meet the education requirements to attain ATP authorization to sell Cisco ISE.
  • Field engineers, network administrators, and consulting systems engineers who implement and maintain the Cisco ISE in enterprise networks.
  • Security architects, design engineers, network designers and others seeking hands-on experience with the Cisco ISE.

Class Prerequisites

What You Will Learn

Although this course is designed to provide the knowledge and skills required to install and implement Cisco Identity Services Engine (ISE) v1.3, we are pleased to offer you access to labs during this class using version 1.4 software.

  • Describe Cisco ISE architecture, installation, and distributed deployment options.
  • Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE - Implement Cisco ISE web authentication and guest services.
  • Deploy Cisco ISE profiling, posture and client provisioning services.
  • Describe administration, monitoring, troubleshooting, and TrustSec SGA security.

Follow On Courses

Outline: Implementing and Configuring Cisco Identity Services Engine (SISE)

Module 1: Introducing the Cisco Secure Access Solution and ISE Platform Architecture

Lesson1: The Cisco Secure Access Solution

  • Standard Access Solution
  • Components of a Secure Access Solution
  • High-level client access, identifying the previously defined components—802.1X, MAB,
  • Web Authentication and VPN

Lesson 2: Cisco ISE as a Network Access Policy Engine

  • Components of an ISE deployment
  • ISE Functions (Access Policy, Guest Lifecycle Management, Profiling, Posture, BYOD, pxGrid, and so on.)

Lesson 3: Cisco ISE Policy Security Mechanisms

  • Context and Flexible Authentication
  • Access Point ACLs—dACLs, wACLs, and NAD Filters (Switch and VPN)
  • TrustSec
  • Mobile Device Management (MDM)

Lesson 4: Cisco TrustSec

  • The standard Network Security Policy model
  • Security Policy
  • The TrustSec security model
  • MACsec 802.1AE

Lesson 5: Installing Cisco ISE

  • Installation pre-requisites—DNS, NTP, VM, DISK I/O, and so on
  • Completing the setup process
  • Certificates used in ISE—client Auth/ Web portals: admin, sponsor and client

Lesson 6: Cisco ISE GUI Orientation

  • Navigate the top-level areas of the Cisco ISE GUI
  • Use navigation features of Cisco ISE GUI, such as hover, drill down, and pop-ups

Module 2: Cisco ISE Policy Enforcement

Lesson 1: 802.1X and MAB Access – Wired and Wireless

  • 802.1X access and it’s components
  • MAC Authentication Bypass
  • NAD Configuration
  • ISE Configuration for 802.1X and MAB
  • 802.1X and MAB connections

Lesson 2: Identity Management

  • Identity
  • Internal Identity Sources
  • External Identity Sources
  • Multi-AD Overview and Configuration
  • Identity Source Sequences (ISSs)

Lesson 3: Cisco ISE Policy Overview

  • Authentication and Authorization parts of the process
  • Dictionaries, Identity Sources, and ISSs
  • Authentication and its components
  • Authorization and its components
  • Exception policies and policy sets

Lesson 4: Cisco ISE Policy Sets

  • Configure, enable, and use Policy Sets
  • Global versus local exception processing

Module 3: Web Authentication

Lesson 1: Web Access with Cisco ISE

  • Different Web Access Portals in ISE
  • Guest Access, BYOD, WebAuth use cases
  • Web Access components and configuration

Lesson 2: WebAuth Configuration

  • ISE and NADs Configuration for WebAuth
  • Wired, Wireless, Converged Access requirements
  • WebAuth configuration

Module 4: Cisco ISE Guest Services

Lesson 1: Cisco ISE Guest Access Components

  • Guest Access Services
  • Guest Flow for Hotspot Access
  • Guest Flow for Self-Registered Access
  • Guest Flow for Self-Registered Access with Approval
  • Guest Flow for Sponsored Access
  • Multiple Guest Portals
  • ISE Guest Enhancement

Lesson 2: Guest Access Settings

  • Guest Access Settings
  • Guest Account Purge Policy
  • Custom Fields
  • Guest Email Settings
  • Guest Locations and SSIDs
  • •Guest Password and Username Policy
  • SMS Gateway Settings
  • Guest Types

Lesson 3: Sponsors and Sponsor Portals

  • Sponsor Groups Overview and Settings
  • Sponsor Portal Customization
  • Guest Account via Desktop Sponsor Portal
  • Guest Account via Mobile Sponsor Portal
  • Manage Guest Account

Lesson 4: Cisco ISE Guest Portal Overview

  • Guest Portals
  • Hotspot Guest Portals
  • Self-Registration Guest Portals
  • Sponsored Guest Portal
  • Customize Guest Portals
  • Assign Portal in AuthZ Profiles

Lesson 5: Cisco ISE Guest Operations and Reports

  • New Monitoring Reports
  • New Guest Access Reports
  • New Guest Logging Messages
  • Home Page Guest Reports
  • Enhanced Debug Logs
  • Endpoint Purging

Module 5: Cisco ISE Profiler

Lesson 1: Introduction to Profiling

  • Information Sources
  • How Profiling Probes access the data
  • Profiling Probes
  • NADs for Profiling
  • Endpoint Identity Information

Lesson 2: Profiling Configuration on Cisco ISE

  • Profiler on Cisco ISE
  • Profiler Policies and Conditions
  • Profiler Configuration

Module 6: Cisco ISE BYOD and MDM

Lesson 1: Cisco ISE BYOD Process Overview

  • BYOD Components
  • BYOD Enhancements
  • BYOD Design

Lesson 2: BYOD Portal Selection

  • BYOD Portal Selection Process
  • Single-SSID BYOD Configuration
  • Dual-SSID BYOD Configuration

Lesson 3: My Devices Portal Settings

  • My Devices Portal Configuration
  • My Devices Portal End-user Experience

Lesson 4: Certificates in BYOD Scenarios

  • Local ISE CA Server and Local Certificates
  • Certificate Templates
  • Certificates Operations

Lesson 5: Describe MDM and ISE

  • MDM

Module 7: Cisco ISE Endpoint Compliance Services

Lesson 1: Endpoint Compliance – Posture Service Overview

  • Endpoint Compliance and Access
  • Compliance Components
  • Compliance MDM, AnyConnect, and NAC agents

Lesson 2: Client Provisioning in Cisco ISE

  • Client Provisioning Flows
  • Client Provisioning Settings
  • Client Provisioning Policy

Lesson 3: Mobile Client Provisioning in Cisco ISE

  • MDM
  • Cisco ISE integration with MDM servers
  • Mobile device agent provisioning

Lesson 4: Configuring Cisco ISE for Posture Compliance

  • Configuration of Posture Services
  • Authorization Policy Adjustments for Posture
  • Posture Reports

Module 8: Using Cisco ISE for VPN-based Services

Lesson 1: VPN Access Overview

  • AAA – External Authentication
  • Access Flows with Cisco ISE and ASA 9.2+
  • Access Flows with Cisco ISE and ASA Pre9.2

Lesson 2: Configuring Cisco ASA v9.2+ for VPN Access

  • ASA for VPN authentication via ISE
  • Add ASA as new NAD on ISE
  • Cisco ISE for Posture services
  • ASA v9.2+ for Posture services
  • Posture configuration on ASA and ISE

Lesson 3: Using Inline Posture Node for NADs without CoA Support

  • Inline Posture Node
  • Inline Posture processing flow
  • Routed and bridged modes of Inline Posture Node

Module 9: Cisco TrustSec

Lesson 1: Cisco TrustSec

  • SGA Overview
  • SXP and SGACLs Overview
  • SGFW Enforcement

Module 10: Cisco ISE Design

Lesson 1: Node Capabilities

  • Cisco ISE Deployment Types
  • Node Communications

Lesson 2: Failover and High Availability

  • Failover and High Availability Options
  • Network Infrastructure Requirements

Module 11: Cisco ISE Best Practices

Lesson 1: Best Practices

  • Deployment Best Practices
  • Certificates Best Practices
  • Profiling Best Practices
  • CWA Best Practices
  • Logging and Troubleshooting


  • Initial Configuration of Cisco ISE
  • Integrate Cisco ISE with Active Directory
  • Integrating Cisco ISE with a second Microsoft Active Directory
  • Basic Policy Configuration
  • Conversion to Policy Sets
  • Configure Guest Access
  • Guest Access Operations
  • Guest Reports
  • Configuring Profiling
  • Customizing the Cisco ISE Profiling Configuration
  • ISE Profiling Reports
  • BYOD Configuration
  • Device Blacklisting
  • Compliance
  • Configuring Client Provisioning
  • Configuring Posture Policies
  • Testing and Monitoring Compliance Based Access
  • Compliance Policy Testing
  • MDM Integration with Cisco ISE
  • MDM Access and Configuration
  • Client Access with MDM
  • Using Cisco ISE for VPN Access
Classroom Training

Duration 5 days

  • United States: US$ 3,695
  • Cisco Learning Credits: 37 CLC
Enroll now
Online Training

Duration 5 days

  • United States: US$ 3,695
  • Cisco Learning Credits: 37 CLC
Enroll now