Cisco Identity Services Engine Essentials (ISE-Essentials)


This course includes Cisco Training Exclusives

EXCLUSIVE TO GLOBAL KNOWLEDGE - Accelerate your Cisco learning experience with complimentary access to the IT Skills Video On-Demand Library, Introduction to Cybersecurity digital learning course, course recordings, IT Resource Library, and digital courseware.

Learn more

�In this course, you will learn about the Cisco Identity Services Engine (ISE) a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA) using 802.1x and MAB. The training provides learners with the knowledge and skills to implement 802.1X and MAB for wired and wireless endpoints. The class focuses on configuring Network Access Devices (IOS switches, and Wireless Lan Controllers) with commands necessary for ISE integration. The class also covers configuration of endpoints to use the native Microsoft supplicant with PEAP and EAP-TLS, as well as the Cisco NAM supplicant with EAP-FAST. Time is taken to explore Microsoft Active Directory group policy for endpoint configuration, and to cover integration of an enterprise CA for certificate based authentication.

This course is an intensive hands-on experience. With enhanced hands-on labs, you will setup and patch an ISE node, and use and enterprise CA to configure certificate services for use in a distributed deployment. You will integrate ISE with Active Directory and configure Group Policy to automatically enroll endpoints with an enterprise CA for TLS based authentication. You will configure and test AAA and 802.1X on an IOS switch using classical commands to integrate with ISE. You will migrate and test an IOS switch configuration to use the new-mode IBNS 2.0 Cisco Common Classification Policy Language (C3PL). You will configure and test a Cisco Wireless LAN Controller (WLC) with advanced ISE features. The class also covers the new ISE 2.3 conditions studio and its use in Policy Sets for Authentication/Authorization rules, Profiling of endpoints on the network, and Device Administration using TACACS+.


  • Consulting systems engineers
  • Technical solutions architects
  • Integrators who install and implement the Cisco ISE version 2.3
  • End users (Cisco customers) desiring the knowledge to install, configure, and deploy Cisco ISE 2.3
  • Cisco channel partners and field engineers who need to meet the educational requirements to attain Authorized Technology Partner (ATP) authorization to sell and support the ISE product


The learner is expected to have the following skills and knowledge before attending this course:

  • CCNA Security or equivalent level of experience with Cisco devices
  • Foundation-level wireless knowledge and skills
  • Familiarity with Microsoft Windows and Microsoft Active Directory
  • Familiarity with 802.1X
  • Familiarity with Cisco ASA
  • Familiarity with Cisco AnyConnect Secure Mobility Client

Learning Objectives

  • Implement Best Practices for Designing and Deploying a Distributed Cisco ISE Solution
  • Install certificates into ISE using a Windows 2012 Certificate Authority (CA)
  • Configure the Local and Active Directory Based Identity Store and use of Identity Source Sequences
  • Implement Best Practices for configuring a Cisco IOS Switch for use with ISE
  • Migrate an existing Cisco IOS Switch configuration to New-Mode Cisco Common Classification Policy Language (C3PL)
  • Implement Best Practices for configuring a Cisco Wireless LAN Controller (WLC) for use with ISE
  • Configure Policy Sets and Network Access Devices in ISE
  • Implement & Test 802.1X in ISE for wired PEAP, EAP-FAST & EAP-TLS Supplicants
  • Implement & Test 802.1X in ISE for wireless EAP-FAST & EAP-TLS Supplicants
  • Implement & Test MAC Authentication Bypass (MAB) in ISE for wired and wireless endpoints
  • Turn on Endpoint Profiling and use it to identify popular endpoints such as Windows and Apple iOS devices.
  • Implement TACACS+ for Switch and WLC Device Administration

  • Cisco ISE Architecture and Deployment
    • Cisco ISE Features Overview
    • PKI in an ISE deployment
    • Cisco ISE Deployment Models
  • Cisco ISE Identity Management
    • Configuring Cisco ISE Internal Identity Sources
    • Configuring Cisco ISE External Identity Sources
    • Configuring Endpoints for Certificate Based Authentication
  • Cisco ISE Policy Enforcement
    • Registering Network Access Devices in Cisco ISE
    • Working with ISE Dictionaries
    • Configuring Cisco ISE Policy Sets
    • Using the Cisco ISE Conditions Studio to Configure Policy Elements
    • Creating Downloadable ACLs and Authorization Profiles
    • Configuring Authentication Policy Rules including Identity Source and Allowed Protocols
    • Configuring Authorization Policy Rules including conditions and authorization profiles
  • Introducing Wired and Wireless 802.1X and MAB
    • Overview of 802.1X Including Commonly implemented Extensible Authentication Protocols (EAPs)
    • Configuring a Cisco IOS Switch using Identity-Based Network Services (IBNS) commands for integration with ISE including
    • Configure & Test 802.1x supplicant parameters on a wired endpoint using PEAP and EAP-TLS
    • Migrating to IBNS 2.0 Cisco Common Classification Policy Language (C3PL) commands on a Cisco Switch
    • Configure & Test 802.1x supplicant parameters on a wired endpoint using EAP-FAST
    • Configuring a Cisco WLC for integration with ISE from the WLC CLI and GUI
    • Configure & Test 802.1x supplicant parameters on a wireless endpoint using EAP-FAST & EAP-TLS
    • Implement & Test MAC Authentication Bypass in ISE for non-supplicant Endpoints
  • Cisco ISE Profiler for Endpoint Discovery and Classification
    • Configuring Profiler Probes
    • Working with the Profiler Feed Service
    • Implementing Profiler Policy and Identity Groups
    • Using Profiler Logical Profiles
  • Cisco ISE TACACS+ for wired and wireless Device Administration
    • Configuring TACACS Policy Sets
    • Working with Identity Sources for Authentication
    • Configuring Shell Profiles & Command Sets for Authorization
    • Performing Wired and Wireless Device Administration