The Implementing and Configuring Cisco Identity Services Engine (SISE) v2.1 is a 5-day instructor-led course that introduces learners to the key components and procedures needed to install, configure, manage, and troubleshoot the Cisco Identity Services Engine (ISE). Cisco ISE is a next-generation identity and access control policy platform that provides a single policy plane across the entire organization combining multiple services, including authentication, authorization, and accounting (AAA), posture, profiling, device on-boarding, and guest management, into a single context-aware identity-based platform.
The course provides learners with the knowledge and skills to enforce security posture compliance for wired and wireless endpoints, and enhance infrastructure security using the Cisco ISE.


Upon completing this course, the learner will be able to meet these overall objectives:
  • Describe Cisco ISE architecture, installation, and distributed deployment options
  • Configure Network Access Devices (NADs), policy components, and basic authentication and authorization policies in Cisco ISE
  • Implement Cisco ISE web authentication and guest services
  • Deploy Cisco ISE profiling, posture, and client provisioning services
  • Describe administration, monitoring, troubleshooting, and TrustSec SGA security
  • Configure device administration using TACACS+ in Cisco ISE


The course contains these components:
  • Introducing Cisco ISE Architecture and Deployment
    • Using Cisco ISE as a Network Access Policy Engine
    • Introducing Cisco ISE Deployment Models
    • Lab: Configure Initial Cisco ISE Setup, GUI Familiarization, and System Certificate Usage
  • Cisco ISE Policy Enforcement
    • Introducing 802.1X and MAB Access: Wired and Wireless
    • Lab: Integrate Cisco ISE with Active Directory
    • Introducing Identity Management
    • Configuring Certificate Services
    • Introducing Cisco ISE Policy
    • Lab: Configure Basic Policy on Cisco ISE
    • Configuring Cisco ISE Policy Sets
    • Lab: Configure Conversion to Policy Sets
    • Implementing Third-Party Network Access Device Support
    • Introducing Cisco TrustSec
    • Introducing EasyConnect
    • Lab: Configure Access Policy for Easy Connect
  • Web Auth and Guest Services
    • Introducing Web Access with Cisco ISE
    • Lab: Configure Guest Access
    • Introducing ISE Guest Access Components
    • Configuring Guest Access Settings
    • Lab: Configure Guest Access Operations
    • Configuring Portals: Sponsors and Guests
    • Lab: Create Guest Reports
  • Cisco ISE Profiler
    • Introducing Cisco ISE Profiler
    • Configuring Cisco ISE Profiling
    • Lab: Configure Profiling
    • Lab: Customize the Cisco ISE Profiling Configuration
    • Lab: Create Cisco ISE Profiling Reports
  • Cisco ISE BYOD
    • Introducing the Cisco ISE BYOD Process
    • Describing BYOD Flow
    • Configuring My Devices Portal Settings
    • Configuring Certificates in BYOD Scenarios
    • Lab: Configure BYOD
    • Lab: Blacklisting a Device
  • Cisco ISE Endpoint Compliance Services
    • Introducing Endpoint Compliance
    • Lab: Configure Compliance Services on Cisco ISE
    • Configuring Client Posture Services and Provisioning in Cisco ISE
    • Lab: Configure Client Provisioning
    • Lab: Configure Posture Policies
    • Lab: Test and Monitor Compliance Based Access
    • Lab: Test Compliance Policy
  • Cisco ISE with AMP and VPN-Based Services
    • Introducing VPN Access Using Cisco ISE
    • Lab: Configure Cisco ISE for VPN Access
    • Configuring Cisco AMP for ISE
    • Lab: Configure Threat-Centric NAC using Cisco AMP
  • Cisco ISE Integrated Solutions with APIs
    • Introducing Location-Based Authorization
    • Introducing Cisco ISE 2.x pxGrid
    • Lab: Configure Cisco ISE pxGrid and Cisco WSA Integration
  • Working with Network Access Devices
    • Configuring TACACS+ for Cisco ISE Device Administration
    • Lab: Configure Cisco ISE for Basic Device Administration
    • Lab: Configure TACACS+ Command Authorization

The course materials contain these optional components that are not covered during a regular course delivery:
  • (Self-Study) Cisco ISE Design
    • Designing and Deployment Best Practices
    • Performing Cisco ISE Installation and Configuration Best Practices
    • Deploying Failover and High-Availability
  • (Optional/Self-Study/Reference) Configuring Third Party NAD Support
    • Configuring Third-Party NAD Support

Prerequisite Knowledge

The knowledge and skills that a learner should possess before attending this course are as follows:
  • Familiarity with Cisco IOS CLI
  • Familiarity with Cisco ASA
  • Familiarity with Cisco VPN clients
  • Familiarity with Microsoft Windows operating systems
  • Familiarity with 802.1X