Implementing Cisco Identity Services Engine for Wireless Engineers (SWISE)
About this Course
The Implementing Cisco Identity Services Engine for Wireless Engineers (SWISE) version 1.0 course is a 2-day instructor-led training course. Cisco Identity Services Engine (ISE), combined with the Cisco Wireless LAN Controller (WLC), access points (APs), and end devices, brings comprehensive Cisco ISE deployment capabilities together in one system. This training course will enable Cisco end customers and authorized Cisco System Engineers (SEs) to understand the concepts, architecture, and use cases related to Cisco ISE. This course will also prepare learners to implement basic Cisco ISE solutions. The focus is to ensure that students can implement the core features of Cisco ISE that most implementations require. Students should already be familiar with basic Cisco WLC and AP configuration.
Who should attend
- Wireless SEs
- SEs who work in security and manage corporate security policies
- Preferred Advanced Wireless specialized partner or Gold partner.
- Knowledge of basic 802.1X (It is recommended that the student take the free 802.1X E-learning on PEC before attending this training.)
- Basic understanding of Microsoft Active Directory or LDAP.
- CCNA-level route and switch knowledge.
What You Will Learn
Upon completing this course, the learner will be able to meet these overall objectives:
- Describe the business drivers, architecture, components, and scalability factors related to a typical Cisco ISE deployment.
- Provision secure network access by configuring AAA services and common CoA options.
- Configure profiling processes, components, options, and best practices.
- Provision a guest user access solution and the different options that are available.
- Describe and implement a BYOD solution, with a focus on configuring BYOD using a single SSID.
- Integrate Cisco ISE with a partner MDM solution.
- Use Cisco ISE tools to gather useful information related to historical trending and to troubleshoot.
Outline: Implementing Cisco Identity Services Engine for Wireless Engineers (SWISE)
Module 1: Introducing Cisco ISE
- Describe the issues that corporations face in supporting new paradigms of network access and how Cisco ISE can ease these pressures and help resolve these issues
- Describe the Cisco ISE architecture and components
- Describe the different Cisco ISE nodes and personas
- Describe and compare the products that are used to run Cisco ISE
- Describe the different Cisco ISE deployment options
- Explain the Cisco ISE licensing options and considerations
Module 2: Provisioning Secure Access
- Describe authentication services that are available to Cisco ISE
- Describe the process that Cisco ISE uses to validate credentials from different identity sources
- Configure authentication identity sources and policies
- Describe Cisco ISE authorization policies and their components
- Configure authorization components and policies
- Define and understand CoA and review common permission elements, including dACLs, named ACLs, VLANs, and SGT
- Lab 2-1: Basic Authentication and Authorization
Module 3: Configuring Profiling
- Describe the functions and purpose of profiling on the Cisco ISE platform
- List the profiler probes and discuss the attributes that are associated with these probes
- Describe and configure profiler policies
- Configure profiling on the Cisco ISE platform
- Verify profiling operation on the Cisco ISE platform
- List the best practices for configuring profiling on the Cisco ISE platform
- Lab 3-1: Configuring and Validating Cisco ISE Profiling
Module 4: Providing Guest Access
- Describe the concept of guest web access
- Configure the components of a CWA-based guest access solution including redirection for both wired and wireless access
- Describe guest accounts, roles, and data stores
- Define the functionality that is provided by the Cisco ISE portals that are used for guest access
- Configure support for guest reporting
- Discuss best practices related to Cisco ISE guest services
- Lab 4-1: Configuring Cisco ISE Guest Services
Module 5: Implementing BYOD
- Define BYOD, explain the advantages of a Cisco BYOD solution, and describe BYOD components
- Describe common BYOD use cases and explain how they apply to various corporate security policy needs
- Describe BYOD deployment and configuration options
- Describe the BYOD flow and on-boarding process when a single SSID is used
- Implement an authentication policy for BYOD deployments
- Implement an authorization policy for BYOD deployments
- Lab 5-1: BYOD On-Boarding using a Single SSID
- Lab 5-2: Test On-Boarding
Module 6: Exploring MDM Integration
- Define the MDM integration process in Cisco ISE and add an MDM Server
- Define MDM supported attributes
- Examine an MDM configuration
Module 7: Monitoring and Troubleshooting Cisco ISE Security Solutions
- Use the Cisco ISE dashboard
- Navigate Cisco ISE alarm and logging features to assist in diagnosing problems
- Use the Live Authentications log feature of Cisco ISE
- Use the Global Search and Session Trace features of Cisco ISE
- Use the TCP Dump feature of Cisco ISE
- Use the Evaluate Configuration Validator tool
- Lab 7-1: Monitoring and Troubleshooting Cisco ISE (Optional)
Appendix A: Introducing Posture Assessment
- Define posturing, describe its major components, and explain the posturing flow
- Explain typical posture example configurations to describe the configuration process
- Describe and configure posture system settings
- Describe posture policy logic and verify policy configuration