The Cisco ISE Essentials for SD-Access (ISESDA) course shows you how to deploy the Cisco® Identity Services Engine (ISE) to support the Software-Defined Access (SD-Access) solution within your enterprise networks. You will gain an understanding of how Cisco ISE is utlitized by the SD-Access solution to provide security policies across the organization. You will learn Cisco ISE fundamentals and get hands-on practice configuring ISE, policies, AAA client configuration, VPN access, integration, wireless guest access, and more.
Prerequisites
The knowledge and skills that a learner should have before attending this course are as follows:
- Understanding of network routing and switching principles equivalent to the Cisco CCNA® certification level
Course Objectives
Upon successful completion of this course, students will be able to meet these overall objectives:
- Describe Cisco ISE policies and authentication and authorization process
- Understand different AAA protocols
- Understand how Cisco ISE fits into Cisco DNA Center architecture
- Provide configuration examples of Cisco ISE and TrustSec solutions
- Describe Cisco ISE integration with Cisco DNA Center and policy enforcement using Security Groups
- Provide configuration examples for wired, wireless, and VPN network access
- Understand how inline tagging and SGT Exchange Protocol (SXP) works
Module 1: Cisco ISE Overview
- Exploring the Cisco Identity Services Engine
- Examining AAA protocols
- Examining Authentication
- Examining Authorization
Module 2: Cisco ISE Guest Access
- Examining Guest Portal Types
- Examining Guest User Types
- Examining AAA Policies for Guest Access
Module 3: Cisco ISE and SD-Access
- Exploring Cisco SD-Access
- Examining Cisco ISE for SD-Access
Module 4: Cisco ISE SGT Exchange Protocol
- SD-Access Fabric and Host Provisioning
- Security Group Exchange Protocol
Lab Outline
- Introduction to ISE and Active Directory (AD) Integration
- Configuring ISE AAA Policies
- Configuring AAA Clients and Verifying AAA Operations
- Configuring Wireless Guest Access (Optional)
- Configuring VPN Access
The primary audience for this course is as follows:
- System engineers
- Network engineers
- Technical architects
- Technical support engineers
- Cisco integrators and partners