Implementing and Configuring Cisco Identity Services Engine (SISE)

The Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0 course teaches you to deploy and use Cisco Identity Services Engine (ISE) v3.x, an identity and access control policy platform that simplifies the delivery of consistent, highly secure access control across wired, wireless, and VPN connections.

This hands-on course provides you with the knowledge and skills to implement and apply Cisco ISE capabilities to support use cases for Zero Trust security posture. These use cases include tasks such as policy enforcement, profiling services, web authentication and guest access services, BYOD, endpoint compliance services, and Terminal Access Controller Access Control Server (TACACS+) device administration. Through hands-on practice via lab exercises, you will learn how to use Cisco ISE to gain visibility into what is happening in your network, streamline security policy management, and contribute to operational efficiency.

Day 1 – Introduction & Core Concepts (8 Hours)

Module 1: Course Overview & Zero Trust Foundations

• Course objectives, structure, and lab environment overview
• Understanding Cisco ISE role in Zero Trust Architecture
• ISE deployment models and personas (Administration, Policy Service, Monitoring)
• ISE licensing models and capabilities (Base, Plus, Apex, Device Admin)

Lab 1:

• Exploring ISE GUI and CLI
• Setting up the ISE Lab environment

Day 2 – Network Access Control & Policy Enforcement (8 Hours)

Module 2: Network Access Device Integration

• Integrating switches, wireless controllers, and VPN devices with ISE
• RADIUS and TACACS+ overview
• Authentication, Authorization, and Accounting (AAA) workflow

Module 3: Policy Configuration

• Policy Sets, Conditions, and Authorization Profiles
• Identity sources (Active Directory, LDAP, Certificates)
• Authentication policy design for wired and wireless

Lab 2:

• Configure network devices for 802.1X authentication
• Build and test authentication/authorization policies

Day 3 – Profiling, Guest Access, and Web Authentication (8 Hours)

Module 4: Profiling Services

• Endpoint profiling architecture and probes
• Creating and using profiling policies
• Dynamic Authorization and CoA (Change of Authorization)

Module 5: Web Authentication and Guest Access

• Guest lifecycle management
• Self-registration portals and sponsor approval workflows
• Integration with external guest databases

Lab 3:

• Configure endpoint profiling
• Build a guest access portal and test web authentication

Day 4 – BYOD & Device Compliance (8 Hours)

Module 6: Bring Your Own Device (BYOD)

• BYOD onboarding and certificate provisioning
• Integration with MDM/EMM solutions (e.g., Intune, JAMF, Cisco Meraki)
• Automating BYOD workflows

Module 7: Posture and Compliance Services

• Posture assessment, remediation, and compliance enforcement
• AnyConnect posture module and client provisioning
• Custom posture policies

Lab 4:

• Configure a BYOD onboarding workflow
• Build and test endpoint posture assessment

Day 5 – Device Administration & Operations (8 Hours)

Module 8: TACACS+ Device Administration

• TACACS+ overview and integration
• Role-Based Access Control (RBAC)
• Device administration policies and command authorization

Module 9: Operations, Monitoring & Troubleshooting

• Using ISE dashboards, reports, and logs
• Troubleshooting authentication and policy failures
• Backup, restore, and upgrade best practices

Lab 5:

• Configure TACACS+ device administration
• Troubleshoot failed authentications and policy mismatches

Wrap-Up:

• Course review and Q&A
• Certification and next steps (SISE and related Cisco Security learning paths)