SWISE v1.0 - Implementing Cisco Identity Services Engine for Wireless Engineers


Description

The Implementing Cisco Identity Services Engine for Wireless Engineers (SWISE) version 1.0 course is a 2-day instructor-led training course. Cisco Identity Services Engine (ISE), combined with the Cisco Wireless LAN Controller (WLC), access point (AP), and end devices, brings the comprehensive Cisco ISE deployment capabilities and solution together into one system. This training course will enable Cisco end customers and authorized Cisco System Engineers (SEs) to understand the concepts, architecture, and use cases that are related to the Cisco ISE. This course will also prepare learners to implement basic Cisco ISE solutions. The focus is to ensure that students can implement the core features of Cisco ISE that most implementations require. Students should already be familiar with basic Cisco WLC and AP configuration.

To participate in the hands-on labs in this class, you need to bring a laptop computer with the following:

  • We recommend using at least a Pentium 4 or better and 1 GB of RAM or more.
  • We recommend running Windows XP Professional SP3 or greater (Vista & Windows 7/8).
    Mac & Linux machines are also supported.
  • All PCs require Internet Explorer 7 or greater, Mozilla Firefox, or Google Chrome.
    Note: When testing connectivity, Mozilla & Chrome may not be able to fully complete the tests as intended.
  • All students should have administrator rights to their PCs.
    If you do not have administrator rights to your PC, you at least need permissions to download, install, and run ActiveX controls in Internet Explorer or the Cisco AnyConnect Client.
  • If you are participating in a WebEx event, you should have internet access served by at least a 512K link; a full T1 connection is recommended.
  • All PCs require the latest Java Runtime Environment, which can be downloaded from www.java.com.

Objectives

After completing this course the student should be able to:

  • Describe the business drivers, architecture, components, and scalability factors related to a typical Cisco ISE deployment
  • Provision secure network access by configuring AAA services and common CoA options
  • Configure profiling processes, components, options, and best practices
  • Provision a guest user access solution and the different options that are available
  • Describe and implement a BYOD solution, with a focus on configuring BYOD using a single SSID
  • Integrate Cisco ISE with a partner MDM solution
  • Use Cisco ISE tools to gather useful information related to historical trending and to troubleshoot

Prerequisites

  • Preferred Advanced Wireless specialized partner or Gold partner
  • Knowledge of basic 802.1X (It is recommended that the student take the free 802.1X E-learning on PEC before attending this training.)
  • Basic understanding of Microsoft Active Directory or LDAP
  • CCNA-level route and switch knowledge

Who Should Attend

The primary audience for this course is as follows:

  • Wireless SEs

The secondary audience for this course is as follows:

  • SEs who work in security and manage corporate security policies

Outline

Lesson 1: Introducing Cisco ISE

  • Describe the issues that corporations face in supporting new paradigms of network access and how Cisco ISE can ease these pressures and help resolve these issues
  • Describe the Cisco ISE architecture and components
  • Describe the different Cisco ISE nodes and personas
  • Describe and compare the products that are used to run Cisco ISE
  • Describe the different Cisco ISE deployment options
  • Explain the Cisco ISE licensing options and considerations

Lesson 2: Provisioning Secure Access

  • Describe authentication services that are available to Cisco ISE
  • Describe the process that Cisco ISE uses to validate credentials from different identity sources
  • Configure authentication identity sources and policies
  • Describe Cisco ISE authorization policies and their components
  • Configure authorization components and policies
  • Define and understand CoA and review common permission elements, including dACLs, named ACLs, VLANs, and SGT

Lesson 3: Configuring Profiling

  • Describe the functions and purpose of profiling on the Cisco ISE platform
  • List the profiler probes and discuss the attributes that are associated with these probes
  • Describe and configure profiler policies
  • Configure profiling on the Cisco ISE platform
  • Verify profiling operation on the Cisco ISE platform
  • List the best practices for configuring profiling on the Cisco ISE platform

Lesson 4: Providing Guest Access

  • Describe the concept of guest web access
  • Configure the components of a CWA-based guest access solution including redirection for both wired and wireless access
  • Describe guest accounts, roles, and data stores
  • Define the functionality that is provided by the Cisco ISE portals that are used for guest access
  • Configure support for guest reporting
  • Discuss best practices as they relate to Cisco ISE guest services

Lesson 5: Implementing BYOD

  • Define BYOD, explain the advantages of a Cisco BYOD solution, and describe BYOD components
  • Describe common BYOD use cases and explain how they apply to various corporate security policy needs
  • Describe BYOD deployment and configuration options and authorization policy for BYOD deployments

Lesson 6: Exploring MDM Integration

  • Define the MDM integration process in Cisco ISE and add an MDM Server
  • Define MDM supported attributes
  • Examine an MDM configuration

Lesson 7: Monitoring and Troubleshooting Cisco ISE Security Solutions

  • Use the Cisco ISE dashboard
  • Navigate Cisco ISE alarm and logging features to assist in diagnosing problems
  • Use the Live Authentications log feature of Cisco ISE
  • Use the Global Search and Session Trace features of Cisco ISE
  • Use the TCP Dump feature of Cisco ISE
  • Use the Evaluate Configuration Validator tool

Appendix A: Introducing Posture Assessment

  • Define posturing, describe its major components, and explain the posturing flow
  • Explain typical posture example configurations to describe the configuration process
  • Describe and configure posture system settings
  • Describe posture policy logic and verify policy configuration

Lab Outline

  • Lab 2-1: Basic Authentication and Authorization
  • Lab 3-1: Configuring and Validating Cisco ISE Profiling
  • Lab 4-1: Configuring Cisco ISE Guest Services
  • Lab 5-1: BYOD On-Boarding using a Single SSID
  • Lab 5-2: Testing On-Boarding
  • Lab 7-1: Monitoring and Troubleshooting Cisco ISE (Optional)