Cisco® Implementing and Configuring Cisco® Identity Services Engine 2.1 (SISE)



In this course, you will learn about the Cisco Identity Services Engine (ISE)—a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x, MAB, web authentication, posture, profiling, device on-boarding, guest services, and VPN access into a single context-aware identity-based platform. The training provides learners with the knowledge and skills to enforce security compliance for wired and wireless endpoints and enhance infrastructure security using the Cisco ISE.

Audience Profile

The audience for this course is as follows:

  • ISE Administrators/Engineers
  • Wireless Administrators/Engineers
  • Consulting Systems Engineers
  • Technical/Wireless/BYOD/Security Solutions Architects
  • ATP partner systems and field engineers
  • Systems integrators who install and implement the Cisco Identity Service Engine version 2.1

Prerequisite(s) Recommended

  • CCNA Security or equivalent level of experience with Cisco devices
  • Foundation-level wireless knowledge and skills
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X. Familiarity with Cisco ASA
  • Familiarity with Cisco AnyConnect Secure Mobility Client
  • IINS – Implementing Cisco IOS Network Security 3.0
  • CCNA Security Boot Camp
  • SASAC – Implementing Core Cisco ASA Security v1.0

Learning Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Describe Cisco ISE architecture, installation, and distributed deployment options
  • Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE
  • Implement Cisco ISE web authentication and guest services
  • Deploy Cisco ISE profiling, posture and client provisioning services
  • Describe administration, monitoring, troubleshooting, and TrustSec SGA security
  • Configure device administration using TACACS+ in Cisco ISE

Course Outline

Course Outline

Module 1: Introducing Cisco ISE Architecture and Deployment
• Using Cisco ISE as a Network Access Policy Engine
• Cisco ISE Deployment Models
Lab: ISE Familiarization and Certificate Usage
Lab: Active Directory and Identity Source Sequences

Module 2: Cisco ISE Policy Enforcement
• 802.1X and MAB Access: Wired and Wireless
• Identity Management
• Configure Certificate Services
• Cisco ISE Policy
• Configuring Cisco ISE Policy Sets
• Implementing Third-Party Network Access Device Support
• Cisco TrustSec
• EasyConnect
Lab: Conversion to Policy Sets
Lab: Access Policy for EasyConnect
Lab: 802.1X – Wired Networks – PEAP
Lab: 802.1X – Wired Networks – EAP-FAST
Lab: 802.1X – Wireless Networks
Lab: 802.1X – MAC Authentication Bypass (MAB)

Module 3: Web Auth and Guest Services
• Web Access with Cisco ISE
• ISE Guest Access Components
• Configuring Guest Access Settings
• Configuring Portals: Sponsors and Guests
Lab: Centralized Web Authentication (CWA)
Lab; Guest Access and Reports

Module 4: Cisco ISE Profiler
• Cisco ISE Profiler
• Configuring Cisco ISE Profiling
Lab: Endpoint Profiling and Reports

Module 5: Cisco ISE BYOD
• Cisco ISE BYOD Process
• BYOD Flow
• Configuring My Devices Portal Settings
• Configuring Certificates in BYOD Scenarios
Lab: BYOD and My Device Portal

Module 6: Cisco ISE Endpoint Compliance Services
• Endpoint Compliance
• Configuring Client Posture Services and Provisioning in Cisco ISE
Lab: Posture Compliance and Reports

Module 7: Cisco ISE with AMP and VPN-Based Services
• VPN Access Using Cisco ISE
• Configuring Cisco AMP for ISE
Lab: Compliance based VPN Access
Lab: Threat Centric NAC using AMP and ANC

Module 8: Cisco ISE Integrated Solutions with APIs
• Location-Based Authorization
• Cisco ISE 2.x pxGrid
Lab: pxGrid and WSA Integration

Module 9: Working with Network Access Devices
• Configuring TACACS+ for Cisco ISE Device Administration
Lab: TACACS+ Device Administration
Lab: TrustSec Security Group Access

Module 10: Cisco ISE Design
• Designing and Deployment Best Practices
• Performing Cisco ISE Installation and Configuration Best Practices
• Deploying Failover and High-Availability
Lab: ISE Distributed Deployment
Lab: MDM Integration

Module 11: Configuring Third-Party NAD Support

Register for Course

Available Registrations: Unlimited
The Tuition ticket is sold out. You can try another ticket or another date.



Course Code


Course Duration


Instructions Method

Instructor Led