About this Course

Implementing Cisco Secure Access Solutions (SISAS) v1.0 is a newly created five-day instructor-led training (vILT) course is part of the curriculum path leading to the Cisco Certified Network Professional Security (CCNP© Security) certification. Additionally, it is designed to prepare security engineers with the knowledge and hands-on experience so that they can deploy Cisco’s Identity Services Engine and 802.1X secure network access. The goal of the course is to provide students with foundational knowledge and the capabilities to implement and managed network access security by utilizing Cisco ISE appliance product solution. The student will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing devices connecting to the network. At the end of the course, students will be able to reduce the risk to their IT infrastructures and applications using Cisco’s ISE appliance feature and provide operational support identity and network access control.

Audience Profile

The primary audience for this course is as follows:

• Network Security Engineers

At Course Completion

After completing this course the students should be able to:

• Understand Cisco Identity Services Engine architecture and access control capabilities
• Understand 802.1X architecture, implementation and operation
• Understand commonly implemented Extensible Authentication Protocols (EAP)
• Implement Public-Key Infrastructure with ISE
• Understand the implement Internal and External authentication databases
• Implement MAC Authentication Bypass
• Implement identity based authorization policies
• Understand Cisco TrustSec features
• Implement Web Authentication and Guest Access
• Implement ISE Posture service
• Implement ISE Profiling
• Understand Bring Your Own Device (BYOD) with ISE
• Troubleshoot ISE

Prerequisites

To fully benefit from this course, students should have the following prerequisite skills and knowledge:

• Cisco Certified Network Associate (CCNA©_) certification
• Cisco Certified Network Associate (CCNA©_) Security certification
• Knowledge of Microsoft Windows operating system

Course Outline

Module 1: Threat Mitigation Through Identity Services

• Lesson 1: Identity Services
• Lesson 2: 802.1X and EAP
• Lesson 3: Identity System Quick Start

Module 2: Cisco Identity Services Engine (ISE) Fundamentals

• Lesson 1: Cisco ISE Overview
• Lesson 2: Cisco ISE with PKI
• Lesson 3: Cisco ISE Authentication
• Lesson 4: Configuring Cisco ISE for External Authentication

Module 3: Advanced Access Control

• Lesson 1: Certificate-based User Authentication
• Lesson 2: Authorization
• Lesson 3: Security Group Access (SGA) and MACsec Implementation

Module 4: Web Authentication and Guest Access

• Lesson 1: Describe the Cisco Email Security Solutions
• Lesson 2: Guest Access Services

Module 5: Endpoint Access Control Enhancements

• Lesson 1: Posture
• Lesson 2: Profiler
• Lesson 3: BYOD

Module 6: Troubleshooting Network Access Control

• Lesson 1: Troubleshooting Network Access Control

Labs:

• Lab 1-1: Bootstrap Identity System
• Lab 2-1: Enroll Cisco ISE in PKI
• Lab 2-2: Implement MAC Authentication Bypass (MAB) and Internal ISE Authentication
• Lab 2-3: Implement External Authentication
• Lab 3-1: Implementing EAP-TLS with Identity Services Engine (ISE)
• Lab 3-2: Implementing Authorization
• Lab 4-1: Configuring Cisco ASA Access Policy
• Lab 4-2: Implement Guest Access
• Lab 5-1: Implement Posture
• Lab 5-2: Profiler
• Lab 6-1: Troubleshooting Network Access Control (Optional)