Discovery 1: Access the SISE Lab and Install ISE 3.1In this lab, you will access the SISE Lab environment and log in to your assigned pod using credentials that your instructor supplies. Then you will use the installation wizard to configure Cisco ISE 3.1. |
Discovery 2: Configure Initial Cisco ISE Setup, GUI Familiarization, and System Certificate UsageIn this lab, you will continue to set up Cisco ISE 3.1. Cisco ISE has been partially preconfigured for you. You will verify installation parameters, familiarize yourself with Cisco ISE user interface, disable the Profiling service, and perform system certificate tasks. |
Discovery 3: Integrate Cisco ISE with Active DirectoryIn this lab, you will integrate Cisco ISE with Active Directory. First, you will perform a native integration of Cisco ISE to Microsoft Active Directory. Next, you will populate the Cisco ISE dictionary with Active Directory attributes. Now that you are familiar with Active Directory integration, you will explore LDAP integration. You will configure this feature and populate the Cisco ISE dictionary with LDAP attributes. |
Discovery 4: Configure Cisco ISE Network Devices and Policy ElementsIn this lab, you will configure a basic access policy for both wired and wireless access, for employees and consultants. This policy will help you to learn how to differentiate between any type of user group, as required by your organization’s actual deployment. You will also learn how to differentiate between different access methods. You will also configure Cisco ISE Policy Sets and an Identity Access Restricted global exception policy to more fully understand scenarios where this policy may be helpful. |
Discovery 5: Configure Cisco ISE Wired PolicyIn this Lab, you will configure and test policies for the wired users. You will create a new policy set on ISE named Wired Access Policy. All the user authentication requests received on ISE from 3k-Access switch will be processed and authenticated under Wired Access Policy set. |
Discovery 6: Configure Cisco ISE Wireless PolicyIn this Lab, you will configure and test policies for the wireless users. You will create a new policy set on ISE named Wireless Access Policy. All the user authentication requests received on ISE from vWLC will be processed and authenticated under Wireless Access Policy set. |
Discovery 7: Configure Access Policy for Easy ConnectIn this lab, you will configure Cisco ISE to support the Easy Connect feature. You will configure Easy Connect for Enforcement Mode, and then configure Access Policy for Easy Connect. Finally, you will validate Easy Connect Operation. |
Discovery 8: Configure Hotspot PortalYou will configure a hotspot portal. This portal is for those who want the simplest guest access method, with less concern for strict control or tracking over who uses the service. |
Discovery 9: Configure Self-Registration PortalIn this lab, you will configure and test a Self-Registration portal. This type of access is appropriate where you want guests to register themselves before they connect to the network. |
Discovery 10: Configure Self-Registration Portal with Sponsor ApprovalIn this lab, you will configure and test a Self-Registration portal with approval. This type of access is appropriate where you want guests to register for the access and they get access only after approval from Sponsor. |
Discovery 11: Configure Sponsored-Guest PortalIn this lab, you will configure and test a Sponsored-Guest Portal and Sponsor Portal. This type of access is appropriate where you don’t want a guest to register. Sponsor can create some random accounts for the guest users as needed. |
Discovery 12: Create Guest ReportsIn this lab, you will run guest reports that are directly available from the Cisco ISE dashboard. You will explore various aspects of monitoring the Cisco ISE guest access feature and its usage. |
Discovery 13: Configure ProfilingIn this lab, you will configure and verify the Cisco ISE Profile service. You will enable the Profiler service and the Profiler Feed Service. You will also configure the NAD definitions for SNMP polling and the global SNMP Profiler settings. You will verify the NAD configurations for profiling operations. |
Discovery 14: Configure Profiling for Approved Windows DevicesIn this activity, you will configure the Cisco ISE Profiler service to use profiling data to make policy determinations. You will examine profiled endpoint data, create logical profiles, and use that profile as an identity condition for authorization policy. Finally, you will create a custom profiler policy based on observed endpoint data. |
Discovery 15: Create Cisco ISE Profiling ReportsIn this lab, you will run reports that focus on profiling data. You will run Profiler Feed reports, endpoint profile changes and summary reports, and view home page dashlet reports. |
Discovery 16: Configure BYODIn this lab, you will configure Cisco ISE BYOD onboarding. You will start by creating a customized My Device portal. Next, you will learn how Cisco ISE can dramatically reduce your operational overhead. You will configure a scenario in which certificates are automatically provisioned via the Cisco ISE internal CA. These certificates will be deployed via a Native Supplicant Provisioning profile, which you will define. You will configure a certificate authentication profile. This profile will use attributes from internally deployed CA certificates. With all this in place, you will configure Cisco ISE authentication and authorization policies for BYOD access. You will then use this configuration to onboard a mobile BYOD device. |
Discovery 17: BYOD Device ManagementIn the previous lab, you learned how to configure a BYOD solution. In this activity, you will learn how to manage that solution. The focus is on how to manage lost and stolen devices. You will examine Cisco ISE to see how it processes the endpoint for each of these situations. You will then reinstate a lost or stolen device. You will also process an endpoint for re-enrollment after a certificate has been revoked. |
Discovery 18: Configure Cisco ISE Compliance ServicesIn this activity, you will configure Cisco ISE settings and policies for compliance-based access. |
Discovery 19: Configure Posture PoliciesIn this activity, you will configure some simple Cisco ISE posture policies to provide for a functional orientation to posture policies. You will configure posture conditions, mediation, requirement, and policies. |
Discovery 20: Configure Cisco ISE Compliance ServicesIn this activity, you will configure Cisco ISE to provision Cisco posture agents. You will configure client provisioning settings for updates from Cisco online. You will configure client resources for use in compliance-based access. Finally, you will configure client provisioning policies to use posture agents. |
Discovery 21: Configure Cisco ISE for Basic Device AdministrationYou will begin by configuring the policy elements that are required for network device administration. These policy elements will then be used in the basic authentication and authorization policies, which you will create. Of course, each Network Access Device (NAD) must be configured to support TACACS+, and so you must configure the required AAA commands to fulfill this need. You will then log in with different users to validate both your authentication policies, and your authorization policies. You will know that you have granular control of not only who can access your network devices, but also what they can do. |
Discovery 22: Configure TACACS+ Command AuthorizationYou will begin this lab by configuring TACACS Command sets. Then you will modify the authorization policy to use these command sets. You will modify the switch configuration to support command authorization, and then test the various users to check their access levels. |