Course Overview

The Implementing Cisco Security Access Solutions (SISAS) course describes an access control solution that centers on the Cisco Identity Services Engine (ISE). The learners build the solution by implementing basic authentication and then extending the system with the authorization, guest services, Cisco TrustSec, posture, and profiling components. The most fundamental concepts include the authentication methods, such as 802.1X, MAC Authentication Bypass (MAB), and Web authentication (WebAuth). The learners implement various types of the Extensible Authentication Protocol (EAP) using two different 802.1X supplicants: the native Windows OS supplicant and the Cisco AnyConnect supplicant. The Cisco AnyConnect supplicant is used for a range of scenarios, including EAP chaining. Although the Web Authentication and the guest services are often deployed together, the learners first implement the WebAuth feature for employee access and then enable the guest feature to allow guest access. The posture service on the ISE is used to determine the security posture status of the endpoints. The learners use the built-in posture elements pre-configured in the ISE, and also implement a custom remediation to automatically install antivirus software. The ISE offers a wide range of profiling capabilities. The learners test the default functionality with the common probes enabled, and extend the profiling granularity by defining custom policies. The course ends with a troubleshooting lesson and an optional troubleshooting lab exercise.

Implementing Cisco Secure Access Solutions (SISAS) is also available in Digital Learning.  365-day subscription for $995.00.  See Digital Learning for purchase or call 703.467.8606.

5 days
CCNP Security
300-208 SISAS
Learning Credits: 
  • Upon completing this course, you will be able to meet these objectives:

    • Deploy Cisco ISE
    • Implement 802.1X and MAB
    • Deploy Security Group Access and MAC Security
    • Implement WebAuth and guest service
    • Deploy Posture
    • Implement Profiling
  • Module 1: Threat Mitigation through Identity Services

    • Lesson 1: Identity Services
    • Lesson 2: 802.1X and EAP
    • Lesson 3: Identity System Quick Start
    • Lesson 4: Module Summary
    • Lesson 5: Module Self-Check

    Module 2: Cisco ISE Fundamentals

    • Lesson 1: Cisco ISE Overview
    • Lesson 2: Cisco ISE with PKI
    • Lesson 3: Cisco ISE Authentication
    • Lesson 4: Cisco ISE External Authentication
    • Lesson 5: Module Summary
    • Lesson 6: Module Self-Check

    Module 3: Advanced Access Control

    • Lesson 1: Certificate-Based User Authentication
    • Lesson 2: Authorization
    • Lesson 3: Cisco TrustSec and MACsec
    • Lesson 4: Module Summary
    • Lesson 5: Module Self-Check

    Module 4: Web Authentication and Guest Access

    • Lesson 1: Deploying WebAuth
    • Lesson 2: Deploying Guest Service
    • Lesson 3: Module Summary
    • Lesson 4: Module Self-Check

    Module 5: Endpoint Access Control Enhancements

    • Lesson 1: Deploying Posture Service
    • Lesson 2: Deploying Profiler Service
    • Lesson 3: Implementing BYOD
    • Lesson 4: Module Summary
    • Lesson 5: Module Self-Check

    Module 6: Access Control Troubleshooting

    • Lesson 1: Troubleshooting Network Access Controls
    • Lesson 2: Module Summary
    • Lesson 3: Module Self-Check
    • Lab 1-1: Bootstrap Identity System
    • Lab 2-1: Enroll Cisco ISE in PKI
    • Lab 2-2: Implement MAB and Internal Authentication
    • Lab 2-3: Implement External Authentication
    • Lab 3-1: Implement EAP-TLS
    • Lab 3-2: Implement Authorization
    • Lab 3-3: Implement Cisco TrustSec and MACsec
    • Lab 4-1: Implement WebAuth for Employees
    • Lab 4-2: Implement Guest Service
    • Lab 5-1: Implement Posture Service
    • Lab 5-2: Implement Profiler Service
    • Lab 6-1: (Optional) Troubleshooting Prep
    • Lab 6-2: (Optional) Troubleshoot Network Access Controls
  • The knowledge and skills that a learner must have before attending this course are as follows:

    • Cisco Certified Network Associate (CCNA) certification
    • Cisco Certified Network Associate (CCNA) Security certification
    • Knowledge of Microsoft Windows operating system
  • The primary audiences for this course are:

    • Network Security administrators and consultants
    • CCNA Security professionals
    • Entry-level network security engineers
    • CCNP Security candidates