Implementing and Configuring Cisco Identity Services Engine (SISE) 3.0
本課程主要目的為展示如何部署和使用Cisco®IdentityServices Engine（ISE）。ISE是一種身份和訪問控制策略平台，可簡化橫跨有線、無線和VPN之連接達到一致性，高度安全的訪問權限控管。本課程教授學員實施和使用思科ISE的相關知識和技能，包括政策實施，分析服務，Web身份驗證和訪客訪問服務，BYOD，端點合規性服務以及TACACS+ 設備管理。
- Describe Cisco ISE deployments, including core deployment components and how they interact to create a cohesive security architecture. Describe the advantages of such a deployment and how each Cisco ISE capability contributes to these advantages.
- Describe concepts and configure components related to 802.1X and MAC Authentication Bypass (MAB) authentication, identity management, and certificate services.
- Describe how Cisco ISE policy sets are used to implement authentication and authorization, and how to leverage this capability to meet the needs of your organization.
- Describe third-party network access devices (NADs), Cisco TrustSec®, and Easy Connect.
- Describe and configure web authentication, processes, operation, and guest services, including guest access components and various guest access scenarios.
- Describe and configure Cisco ISE profiling services, and understand how to monitor these services to enhance your situational awareness about network-connected endpoints. Describe best practices for deploying this profiler service in your specific environment.
- Describe BYOD challenges, solutions, processes, and portals. Configure a BYOD solution, and describe the relationship between BYOD processes and their related configuration components.
- Describe and configure various certificates related to a BYOD solution.
- Describe the value of the My Devices portal and how to configure this portal.
- Describe endpoint compliance, compliance components, posture agents, posture deployment and licensing, and the posture service in Cisco ISE.
- Describe and configure TACACS+ device administration using Cisco ISE, including command sets, profiles, and policy sets. Understand the role of TACACS+ within the authentication, authentication, and accounting (AAA) framework and the differences between the RADIUS and TACACS+ protocols.
- Migrate TACACS+ functionality from Cisco Secure Access Control System (ACS) to Cisco ISE, using a migration tool.
- Network security engineers
- ISE administrators
- Wireless network security engineers
- Cisco integrators and partners
- Familiarity with the Cisco IOS® Software command-line interface (CLI)
- Familiarity with Cisco AnyConnect® Secure Mobility Client
- Familiarity with Microsoft Windows operating systems
- Familiarity with 802.1X
- Section 1: Introducing Cisco ISE Architecture and Deployment
- Section 2: Cisco ISE Policy Enforcement
- Section 3: Web Auth and Guest Services
- Section 4: Cisco ISE Profiler
- Section 5: Cisco ISE BYOD
- Section 6: Cisco ISE Endpoint Compliance Services
- Section 7: Working with Network Access Devices