Implementing Cisco Secure Access Solutions (SISAS)


Course Description

The Implementing Cisco Security Access Solutions (SISAS) course describes an access control solution that centers on the Cisco Identity Services Engine (ISE). 
The learners build the solution by implementing basic authentication and then extending the system with the authorization, guest services, Cisco TrustSec, posture, and profiling components. The most fundamental concepts include the authentication methods, such as 802.1X, MAC Authentication Bypass (MAB), and Web authentication (WebAuth). The learners implement various types of the Extensible Authentication Protocol (EAP) using two different 802.1X supplicants: the native Windows OS supplicant and the Cisco AnyConnect supplicant. The Cisco AnyConnect supplicant is used for a range of scenarios, including EAP chaining. 

Learning Objectives

  • Understand Cisco Identity Services Engine architecture and access control capabilities
  • Understand 802.1X architecture, implementation and operation
  • Understand commonly implemented Extensible Authentication Protocols (EAP)
  • Implement Public-Key Infrastructure with ISE
  • Understand the implement Internal and External authentication databases
  • Implement MAC Authentication Bypass
  • Implement identity based authorization policies Understand Cisco TrustSec features
  • Implement Web Authentication and Guest Access Implement ISE Posture service
  • Implement ISE Profiling
  • Understand Bring Your Own Device (BYOD) with ISE Troubleshoot ISE

Prerequisites
  • CCNA Security or valid CCSP or any CCIE certification can act as a prerequisite

Labs

  1. Bootstrap Identity System
  2. Enroll Cisco ISE in PKI
  3. Implement MAB and Internal Authentication
  4. Implement External Authentication
  5. Implement EAP-TLS
  6. Implement Authorization
  7. Implement Cisco TrustSec and MACsec
  8. Implement WebAuth for Employees
  9. Implement Guest Service
  10. Implement Posture Service
  11. Implement Profiler Service
  12. (Optional) Troubleshooting Prep
  13. (Optional) Troubleshoot Network Access Controls

Who Should Attend

Network security engineers

Course Information


Length: 5 day

Format: Lecture and Lab

Delivery Method: Virtual / Onsite

Max. Capacity: 16