Implementing TrustSec Network Architectures with the Identity Services Engine (ISE) is a course designed to provide students with hands-on lab configuration of Cisco’s Identity Services Engine running software version 1.0. The ISE platform takes the place of the Cisco ACS and NAC servers typically used in today’s identity-based networks. Students will implement 802.1X-based network services using Cisco Catalyst and Nexus switches, Cisco wireless products, Cisco ASAs for VPNbased posture assessment and policy enforcement using NAC platforms, solution design, sizing,andresiliency, and platform troubleshooting.
Attendees should meet the following prerequisites:
- CCNA Certification or equivalent level of experience with the configuration of Cisco routers and switches ICND1and ICND2or CCNABC
- Introducing Identity Based Networking using IEEE 802.1X Version 1.0
- FIREWALL/VPN courses or equivalent level of experience with the configuration of the Cisco ASA firewall
- CCNP certification or equivalent level of experience.
- CCSP certification or equivalent level of experience.
- Base level of knowledge and understanding of the NAC appliance and Cisco ACS server version 5.X.
Introducing the TRUSTSEC 2.0 Solution and ISE Platform Architecture
Selecting TRUSTSEC 2.0 Infrastructure Hardware and ISE Platform
Designing the TRUSTSEC 2.0 Solution Architecture for the ISE Platform
Installing the ISE Software
Integrating the ISE into Microsoft Active Directory
Configuring the ISE for Load Balancing and High Availability
Configuring the ISE for MAC Address Bypass (MAB)
Configuring the ISE for Wired and Wireless 802.1X Authentication
Deploying VPN-based Services Using the Cisco ASA and NAC Appliance
Configuring Web Authentication Using the ISE
Using the ISE for Policy Enforcement
Introducing ISE Profiling Services
Introducing ISE Posture Services
Introducing ISE Guest Services
Introducing TRUSTSEC 2.0 Fundamentals
Configuring Cisco Routers and Switches for the TRUSTSEC 2.0 Architecture
Configuring the Cisco ISE Platform for TRUSTSEC 2.0 Integration
- LAB 1: Creating a High-Level Design
- LAB 2: Completing the Initial Software Configuration
- LAB 3: Integrating the ISE into Microsoft Active Directory
- LAB 4: Configuring the ISE for Load Balancing and High Availability
- LAB 5: Configuring the ISE for MAB
- LAB 6: Configuring Cisco Switches and Wireless LAN Controllers for 802.1X
- LAB 7: Configuring Cisco ISE for Wired 802.1X Authentication
- LAB 8: Configuring Cisco ISE for Wireless 802.1X Authentication
- LAB 9: Configuring the Cisco ASA for VPN-based Services Using the NAC Appliance
- LAB 10: Configuring Web Authentication Using the ISE
- LAB 11: Configuring the Network and ISE for Policy Enforcement
- LAB 12: Configuring Profiling on the ISE
- LAB 13: Configuring the ISE for Posture Services
- LAB 14: Creating Guest Users and Guest User Policies in the Sponsor Portal
- LAB 15: Configuring the Catalyst and Nexus Switches for the TRUSTSEC 2.0 Architecture
- LAB 16: Configuring MACSEC Support
- LAB 17: Configuring the ISR Router for the TRUSTSEC 2.0 Architecture
- LAB 18: Configuring the Cisco ISE Platform for TRUSTSEC 2.0 Integration
Upon completion of this course, you should be able to:
- Describe the TRUSTSEC 2.0 solution architecture, components, and deployment methodologies using the ISE platform.
- Create a High-level and Low-level design for the ISE platform deployment methodology, scaling requirements, and platform resiliency.
- Configure the 802.1X infrastructure for both wired and wireless 802.1X using Cisco Catalyst switches, Cisco Nexus Switches, Cisco ISR routers, and Cisco Wireless LAN Controllers.
- Deploy firewall-based VPN services using the Cisco ASA and NAC appliance.
- Configure the ISE platform in a network that includes Microsoft Active Directory.
- Configure the ISE platform for high availability.
- Configure the ISE for classification and policy enforcement.
- Deploy ISE-based profiling, posture, and guest services.
- Integrate the ISE platform with the TRUSTSEC 2.0 solution architecture.
- Troubleshoot user authentication and policy enforcement problems based on configuration error or network issue
This course is primarily targeted toward partner field engineers (FE) and secondarily sales engineers (SE) who will need to be able to design, deploy, and troubleshoot the TRUSTSEC 2.0 architecture with a focus on the ISE platform.
Recommended preparation for exam (s):
- There are no exams releavant to this course at present