CI-SISE

Implementing and Configuring the Cisco Identity Services Engine

Price: 
Duration: 

USD 3,500.00 excl. VAT

5 Days

What you will Learn

The Implementing and Configuring Cisco Identity Services Engine (SISE) training teaches you to deploy, configure, and operate Cisco® Identity Services Engine (ISE) as the central platform for identity-based access control. Learning begins with the core architecture and installation and progresses through network access control, identity stores, policy design, and day-to-day operations. You will learn how to configure authentication and authorization policies, create scalable guest onboarding workflows, integrate network devices, and apply identity-based access decisions across wired and wireless environments. It also covers endpoint profiling, posture assessment, Terminal Access Controller Access Control Server (TACACS+) device administration, TrustSec concepts, certificate management, lifecycle operations, and advanced administration practices. The labs provide you with practical experience in Cisco ISE personas, certificate-based authentication, TEAP (EAP Chaining), Bring Your Own Device (BYOD) onboarding, device profiling, guest services, and policy enforcement in real-world environments.

A wide range of use cases are covered, including 802.1X, MAB, and certificate provisioning. As a result of this training, you will be able to design, implement, and operate a Cisco ISE deployment that meets modern enterprise requirements for identity, security, visibility, and access control.

This training prepares you for 300-715 SISE v1.1 exam. If passed, you earn the Cisco Certified Specialist – Security Identity Management Implementation certification and satisfy the concentration exam requirement for the Cisco Certified Network Professional (CCNP) Security certification. This training also earns you 32 Continuing Education (CE) credits toward recertification.

Describe how Cisco ISE fits into contemporary network security architectures and the main functions, design motivations, and common use cases
Examine the functional roles of Cisco ISE node personas, supported deployment models, licensing considerations, and their implications for design planning and scalability decisions
Implement the installation workflows, platform requirements, and initial setup steps for deploying Cisco ISE on supported virtual and hardware platforms
Evaluate the principles, message flow, and authorization outcomes of 802.1X-based network access, and Cisco ISE’s contribution to the security of wired and wireless connections with identity-based controls
Describe how MAB works, including its fallback behavior, flow sequence, and policy application within Cisco ISE, and how MAB provides access to non-802.1X-compatible devices
Establish the role of NADs in Cisco ISE authentication workflows, and provide an outline of the steps required to add, configure, and validate NADs within Cisco ISE to ensure secure policy enforcement
Discuss the role of internal and external identity sources in Cisco ISE, how user and device identities are managed, and how certificates are used for identity-based authentication
Evaluate how to configure Cisco ISE to integrate with Active Directory and LDAP, and outline the key settings and connectivity requirements needed to support external user authentication
Interpret how Cisco ISE selects identity sources during authentication and the logic and conditions that determine identity store sequences, fallback behavior, and identity normalization techniques
Discuss the structure and purpose of policy sets in Cisco ISE, including how global and local constructs interact, how policy sets are matched and evaluated, and how authentication and authorization logic is organized within each policy set
Identify how Cisco ISE evaluates authentication policies using rule conditions, identity store sequences, and dictionaries, as well as how behavior is applied when no rules match
Interpret how Cisco ISE applies authorization policies following authentication, including how rules are constructed using Conditions Studio and matched against user and device attributes to apply appropriate access profiles
Analyze Cisco ISE policies based on logs, RADIUS flow data, and session context to resolve authentication and authorization issues across different access scenarios
Analyze how Cisco ISE provides web-based guest access using CWA, and distinguish between hotspot, self-registration, and sponsored access flows
Establish global guest settings in Cisco ISE to define account lifecycle behavior, credential policies, communication methods, and access types for guests across supported onboarding processes
Configure Cisco ISE guest portals to support different access flows, manage account lifecycles, and implement deployment models that are consistent with organizational policies and scalability requirements
Set up sponsor-drive guest access in Cisco ISE via access roles, linking guest types to sponsor groups, and customizing portal behavior to support account creation and approval
Establish a clear understanding of Cisco ISE’s roles in secure and scalable BYOD access: its enterprise use cases, deployment models, policy-based control strategies, key components, Cisco ISE-specific capabilities, and onboarding designs such as single and dual SSIDs for seamless personal device integration into the network
Configure Cisco ISE to deliver supplicants, issue certificates, and enforce policies as part of a complete BYOD onboarding pipeline
Operate post-onboarding workflows using the My Device Portal, including revocation of certificates and device de-registration for lost or stolen endpoints

Explain how Cisco ISE uses profiling to identify endpoints by taking advantage of classification logic, profiler components, data flows, and feed services to provide the foundation for advanced profiling and policy enforcement
Analyze how Cisco ISE collects endpoint data using built-in probes, device sensors, and pxGrid enrichment, and how each method contributes to the accuracy and coverage of profiling
Analyze how the profiling policies in Cisco ISE classify endpoints based on collection attributes, and how logical profiles are created and applied to support the decision-making process for determining access based on identity
Design scalable profiling solutions by aligning design principles, probe selection, and NAD integration with diverse network environments
Maintain visibility of profiling through dashboards and reporting tools, and improve deployment efficiency through optimization techniques
Apply foundational understanding of Cisco ISE posture services, including agent types, flow logic, operational modes, and use cases
Implement Cisco ISE to deliver posture agents and related resources to endpoints by configuring update services, portals, and delivery policies
Administer Cisco ISE policies to ensure secure and compliant network access
Test compliance-based access enforcement by simulating a variety of endpoint scenarios using Cisco AnyConnect
Assess session behavior, interpret posture outcomes, and analyze reporting tools to confirm the effectiveness of posture policy application and remediation
Examine Cisco ISE’s use of TACACS+ for securing administrative access, including key AAA concepts and a comparison with RADIUS to illustrate centralized authentication and authorization
Set up Cisco ISE for TACACS+ based device administration by configuring policy elements such as command sets, profiles, and policy sets
Onboard network devices, define access permissions, and set up authentication and authorization rules to control administrator access
Implement advanced TACACS+ authorization logic, implement administrator command access, and implement scalable deployments using proven design guidelines
Compare Cisco’s TrustSec core architecture, operation, and design considerations, including its enhancements and planning prerequisites for enterprise deployment
Configure Cisco TrustSec segmentation in Cisco ISE, including SGT classification, SXP propagation, and tag-based policy enforcement
Interpret how to operationalize Cisco ISE through system maintenance, backup/restore procedures, certificate management, and structured upgrades in production environments