Welcome to ONLC Training Centers

SISE v2.1 - Implementing and Configuring Cisco® Identity Services Engine **Includes Extra BYOD Content** Course Outline

 (5 days)
Version 1.3

Implementing and Configuring Cisco Identity Services Engine (SISE) v1.3 is a 5-day ILT training program designed for ATP partner systems and field engineers, consulting systems engineers, technical solutions architects, and Cisco integrators who install and implement the Cisco Identity Service Engine version 1.3. The course covers the key components and procedures needed to install, configure, manage, and troubleshoot the Cisco Identity Services Engine version 1.3.

This course is primarily a Cisco ATP Partner training replacement course for Implementing and Configuring the Cisco Identity Services Engine (SISE) v1.1.

In addition to the normal content covered in the SISE v1.3 course, Skyline
ATS has added several enhancements. Enhanced Real World BYOD lab exercises using Mobile Devices (Apple iPads) has also been added. In addition to the BYOD enhancements, Real World lab exercises covering MAB, 802.1x-Wired, 802.1 x-Wireless, Web Authentication, Posture Assessment, & Profiling are also included.

Students registering for this course will be receiving their course kit in a digital format.

Upon completing this course, the learner will be able to meet these overall objectives:
Install Cisco ISE v. 1.3
Understand the concepts of Policy Enforcement in a Cisco network
Configure Cisco ISE v 1.3 for the following Use Cases
Guest Access
Cisco ISE Compliance and Posture
Understand the concepts of designing an implementation along with Cisco
recognized best practices

The knowledge and skills that a learner must have before attending this course are as follows:
CCNA Security
Introduction to 802.1X Operations for Cisco Security Professionals (802.1X)
Knowledge of Cisco Wireless LAN Controllers and Lightweight Access Points
Knowledge of basic command-line configuration of Cisco Catalyst switches
Familiarity with Microsoft Windows and Active Directory

Who Should Attend
The primary audience for this course is as follows:
Partner Field Engineers
Partner System Engineers


Course Introduction
  • Overview
  • Course Goal and Objectives
  • Course Flow
Module 1: Introducing the Cisco Secure Access Solution and ISE Platform Architecture
  • Lesson 1: The Cisco Secure Access Solution
  • Define a Standard Access Solution
  • Define components of a Secure Access Solution
  • Define high-level client access, identifying the previously defined
  • components802.1X, MAB, Web Authentication, and VPN
  • Lesson 2: Cisco ISE as a Network Access Policy Engine
  • Introduce the components of an ISE deployment
  • List ISE Functions (Access Policy, Guest Lifecycle Management, Profiling,
  • Posture, BYOD, pxGrid, and so on.)
  • Lesson 3: Cisco ISE Policy Security Mechanisms
  • Introduce the concept of Context and Flexible Authentication
  • Introduce and define RADIUS CoA
  • Identify Access Point ACLsdACLs, wACLs, and NAD Filters (Switch and
  • VPN)
  • Introduce and define TrustSec
  • Describe Mobile Device Management (MDM)
  • Lesson 4: Cisco TrustSec
  • Describe the standard Network Security Policy model
  • IP-based ACLs
  • The effects of Network (IP) growth and the requirements needed to
  • update the Network Security Policy
  • Introduce the TrustSec security model
  • TrustSec enforcement Model
  • The Concept of Grouping in networks
  • SG Enforcement mechanisms
  • Security Group Domains
  • Describe MACsec 802.1AE
  • Lesson 5: Installing Cisco ISE
  • Identify the installation pre-requisitesDNS, NTP, VM, DISK I/O, and so on
  • Complete the setup process
  • Describe the certificates used in ISEclient Auth/ Web portals: admin,
  • sponsor, and client
  • Lesson 6: Cisco ISE GUI Orientation
  • Navigate the top-level areas of the Cisco ISE GUI
  • Use navigation features of Cisco ISE GUI, such as hover, drill down, and
  • pop-ups
Module 2: Cisco ISE Policy Enforcement
  • Lesson 1: 802.1X and MAB Access Wired and Wireless
  • Explain 802.1X access and its components
  • Describe MAC Authentication Bypass
  • Perform NAD Configuration
  • Explain ISE Configuration for 802.1X and MAB
  • Verify 802.1X and MAB connections
  • Lesson 2: Identity Management
  • Describe Identity
  • Describe Internal Identity Sources
  • Describe External Identity Sources
  • Multi-AD Overview and Configuration
  • Describe Identity Source Sequences (ISSs)
  • Lesson 3: Cisco ISE Policy Overview
  • Identify the Authentication and Authorization parts of the process
  • Discuss Dictionaries, Identity Sources, and ISSs
  • Discuss Authentication and its components
  • Discuss Authorization and its components
  • Discuss exception policies and policy sets
  • Lesson 4: Cisco ISE Policy Sets
  • Configure, enable, and use Policy Sets
  • Compare global versus local exception processing
Module 3: Web Authentication
  • Lesson 1: Web Access with Cisco ISE
  • Explore Different Web Access Portals in ISE
  • Investigate Guest Access, BYOD, WebAuth use cases
  • Discuss Web Access components and configuration
  • Lesson 2: WebAuth Configuration
  • Configure ISE and NADs Configuration for WebAuth
  • Identify Wired, Wireless, Converged Access requirements
  • Verify WebAuth configuration
Module 4: Cisco ISE Guest Services
  • Lesson 1: Cisco ISE Guest Access Components
  • Discuss Guest Access Services
  • Discuss Guest Flow for Hotspot Access
  • Discuss Guest Flow for Self-Registered Access
  • Discuss Guest Flow for Self-Registered Access with Approval
  • Discuss Guest Flow for Sponsored Access
  • Identify Multiple Guest Portals
  • Use ISE 1.3 Guest Enhancement
  • Lesson 2: Guest Access Settings
  • Describe Guest Access Settings
  • Describe Guest Account Purge Policy
  • Modify Custom Fields
  • Modify Guest Email Settings
  • Guest Locations and SSIDs
  • Describe Guest Password Policy
  • Describe Guest Username Policy
  • Modify SMS Gateway Settings
  • Identify Guest Types
  • Lesson 3: Sponsors and Sponsor Portals
  • Describe Sponsor Groups Overview and Settings
  • Describe Sponsor Portal Customization
  • Create Guest Account via Desktop Sponsor Portal
  • Create Guest Account via Mobile Sponsor Portal
  • Manage Guest Account
  • Lesson 4: Cisco ISE Guest Portal Overview
  • Describe Guest Portals
  • Describe Hotspot Guest Portals
  • Describe Self-Registration Guest Portals
  • Describe Sponsored Guest Portal
  • Customize Guest Portals
  • Assign Portal in AuthZ Profiles
  • Lesson 5: Cisco ISE Guest Operations and Reports
  • Generate New Monitoring Reports
  • Generate New Guest Access Reports
  • Generate New Guest Logging Messages
  • Generate Home Page Guest Reports
  • Generate Enhanced Debug Logs
  • Describe Endpoint Purging
Module 5: Cisco ISE Profiler
  • Lesson 1: Introduction to Profiling
  • Describe Information Sources
  • Describe how Profiling Probes access the data
  • Describe Profiling Probes
  • Configure NADs for Profiling
  • Review Endpoint Identity Information
  • Lesson 2: Profiling Configuration on Cisco ISE
  • Configure Profiler on Cisco ISE
  • Describe Profiler Policies and Conditions
  • Verify Profiler Configuration
Module 6: Cisco ISE BYOD and MDM
  • Lesson 1: Cisco ISE BYOD Process Overview
  • Describe BYOD Components
  • Describe BYOD Enhancements
  • Describe BYOD Design
  • Lesson 2: BYOD Portal Selection
  • Describe BYOD Portal Selection Process
  • Describe Single-SSID BYOD Configuration
  • Describe Dual-SSID BYOD Configuration
  • Lesson 3: My Devices Portal Settings
  • Describe My Devices Portal Configuration
  • Manage My Devices Portal End-user Experience
  • Lesson 4: Certificates in BYOD Scenarios
  • Use local ISE CA Server and Local Certificates
  • Use Certificate Templates
  • Use Certificates Operations
  • Lesson 5: Describe MDM and ISE
  • Describe MDM
Module 7: Cisco ISE Endpoint Compliance Services
  • Lesson 1: Endpoint Compliance Posture Service Overview
  • Describe Endpoint Compliance and Access
  • Describe Compliance Components
  • Describe Compliance MDM, AnyConnect, and NAC agents
  • Lesson 2: Client Provisioning in Cisco ISE
  • Describe Client Provisioning Flows
  • Describe Client Provisioning Settings
  • Describe Client Provisioning Policy
  • Lesson 3: Mobile Client Provisioning in Cisco ISE
  • Describe MDM
  • Describe Cisco ISE integration with MDM servers
  • Describe Mobile device agent provisioning
  • Lesson 4: Configuring Cisco ISE for Posture Compliance
  • Describe Configuration of Posture Services
  • Describe Authorization Policy Adjustments for Posture
  • Describe Posture Reports
Module 8: Using Cisco ISE for VPN-based Services
  • Lesson 1: VPN Access Overview
  • Describe AAA External Authentication
  • Describe Access Flows with Cisco ISE and ASA 9.2+
  • Describe Access Flows with Cisco ISE and ASA Pre9.2
  • Lesson 2: Configuring Cisco ASA v9.2+ for VPN Access
  • Configure ASA for VPN authentication via ISE
  • Add ASA as new NAD on ISE
  • Use Cisco ISE for Posture services
  • Configure ASA v9.2+ for Posture services
  • Verify Posture configuration on ASA and ISE
  • Lesson 3: Using Inline Posture Node for NADs without CoA Support
  • Describe the Inline Posture Node
  • Describe the Inline Posture processing flow
  • Describe routed and bridged modes of Inline Posture Node
Module 9: Cisco TrustSec
  • Lesson 1: Cisco TrustSec
  • Describe SGA Overview
  • SXP and SGACLs Overview
  • SGFW Enforcement
  • Module 10: Cisco ISE Design
  • Lesson 1: Node Capabilities
  • Describe Cisco ISE Deployment Types
  • Describe Node Communications
  • Lesson 2: Failover and High Availability
  • Discuss Failover and High Availability Options
  • Describe network Infrastructure Requirements
  • Module 11: Cisco ISE Best Practices
  • Lesson 1: Best Practices
  • Describe Deployment Best Practices
  • Describe Certificates Best Practices
  • Describe Profiling Best Practices
  • Describe CWA Best Practices
  • Describe Logging and Troubleshooting
Lab Outline
  • Lab 1-1: Initial Configuration of Cisco ISE
  • Lab 1-2: Complete Cisco ISE GUI Setup
  • Lab 2-1: Integrate Cisco ISE with Active Directory
  • Lab 2-2: Integrating Cisco ISE with a second Microsoft Active
  • Lab 2-3: Basic Policy Configuration
  • Lab 2-4: Conversion to Policy Sets
  • Lab 4-1: Configure Guest Access
  • Lab 4-2: Guest Access Operations
  • Lab 4-3: Guest Reports
  • Lab 5-1: Configuring Profiling
  • Lab 5-2: Customizing the Cisco ISE Profiling Configuration
  • Lab 5-3: ISE Profiling Reports
  • Lab 6-1: BYOD Configuration
  • Lab 6-2: Device Blacklisting
  • Lab 7-1: Compliance
  • Lab 7-2: Configuring Client Provisioning
  • Lab 7-3: Configuring Posture Policies
  • Lab 7-4: Testing and Monitoring Compliance-Based Access
  • Lab 7-5: Compliance Policy Testing
  • Lab 7-6: MDM Integration with Cisco ISE
  • Lab 7-7: MDM Access and Configuration
  • Lab 7-8: Client Access with MDM
  • Lab 8-1: Using Cisco ISE for VPN Access
View outline in Word


Attend hands-on, instructor-led SISE v2.1 - Implementing and Configuring Cisco® Identity Services Engine **Includes Extra BYOD Content** training classes at ONLC's more than 300 locations. Not near one of our locations? Attend these same live classes from your home/office PC via our Remote Classroom Instruction (RCI) technology.

For additional training options, check out our list of Cisco Courses and select the one that's right for you.

Microsoft Gold Partner
Class Dates
(click date for class times)
(click Enroll for locations)

Fee:  $3995
Need a price quote?

Follow the link to our self-service price quote form to generate an email with a price quote.

Email Alert

Receive an email when this class is available as "Ready to Run" or "Early Notice" status.

Attend from your office or home

If you have high-speed internet and two computers you can likely take this class from your office or home.

Need a class for a group?

We can deliver this class for a private group at your location. Follow the link to request more information.

Attend computer classes from ONLC Training Centers Request a copy via mail


Class Format
Class Policies
Student Reviews

Bookmark and Share

First Name

Last Name