Год выпуска: 2014
Производитель: CBT Nuggets
Сайт производителя: https://www.cbtnuggets.com/
Автор: Keith Barker
Тип раздаваемого материала: Видеоурок
Описание: This Implementing Cisco Secure Access Solutions (SISAS) (300-208) video training course addresses the concepts and implementation of secure access using 802.1X and Cisco Identity Services Engine (ISE). Topics covered include certificates, MAC authentication Bypass (MAB), AnyConnect Network Access Manager (NAM), active directory integration, authentication and authorization policies, profiling, posturing, MACsec, TrustSec, Sponsor Portals, BYOD, and more.
CCNA Route/Switch and CCNA Security certification (or equivalent knowledge and skills)
Knowledge of Microsoft Windows
CCNA Security is a pre-requisite for the CCNP Security certification
Identity Services Engine (ISE)
AnyConnect suite (NAM and profile editor)
1 or more PCs to connect to switch
CCNP Security. This course (SISAS exam # 300-208) is part of the curriculum in the Cisco Certified Network Professional Security (CCNP© Security) certification
Related job functions:
The focus of this course is to assist you in learning how to implement and manage network access security using Cisco Identity Services Engine (ISE) and 802.1x solutions. The CCNA Wireless course is highly recommended as wireless access can be closely integrated with ISE.
In this Nugget, Keith welcomes you to the course and shares some tips on how you can get the most from this course.
2. ISE, ISE, Baby (24 min)
The Identity Services Engine (ISE) is a AAA server that can be used for centralized authentication, authorization, and accounting including 802.1x services. In this Nugget, Keith walks you through the configuration required to communicate between an ISE server and a switch acting as a RADIUS client.
3. 802.1x Wired (40 min)
Building on the RADIUS between the switch and the ISE server, we can configure 802.1x port-based authentication and authorization on the switch. In this Nugget, Keith demonstrates the configuration and verification of 802.1x using a native Windows supplicant.
4. CA Certificates (19 min)
Using the Public Key Infrastructure (PKI) and a CA that is already trusted by browsers, we can install a CA assigned identity certificate on our ISE server for the benefit of client verification of the ISE server. In this Nugget, Keith demonstrates how to install the root CA cert and a CA-signed ISE identity certificate on the ISE server.
5. 802.1X MAB (27 min)
MAC Authentication Bypass (MAB) can be used to authenticate devices that don't have a supplicant. In this Nugget, Keith walks you through MAB concepts, along with a demonstration of configuration and verification of MAB.
6. AnyConnect Supplicant (18 min)
The Network Access Manager (NAM) portion of AnyConnect can act as an 802.1x supplicant. In this Nugget, Keith shows you how to install and use NAM, along with an introduction to Cisco's profile manager.
7. ISE and AD (31 min)
ISE can leverage Microsoft's AD and the existing users there for 802.1x authentication. In this Nugget, Keith explains and demonstrates ISE and AD integration, including verification and troubleshooting.
8. Authorization Profiles (36 min)
In this Nugget, Keith walks you through the concepts, configuration, and verification of customized authorization profiles. AD user and computer authentication requirements and AD group membership for 802.1x authentication also are demonstrated in this video.
9. Web-Based User Authentication (31 min)
When a supplicant isn't running and there isn't a MAB entry for a MAC address, we can still authenticate a user by redirecting the user web traffic to a portal on the ISE server to allow the user to authenticate via a Web interface (WebAuth). In this Nugget, Keith explains, demonstrates, and verifies WebAuth. The switch configuration is available in the NuggetLab files for this course.
10. What is Posture? (7 min)
In this Nugget, Keith introduces you to the concept of posture and compliance checking using ISE.
11. Preparing ISE for NAC Provisioning (6 min)
ISE doesn't have updated NAC agents or posture information by default. In this Nugget, Keith walks you through how to update both of these on an ISE server.
12. Provisioning NAC agents from ISE (13 min)
This Nugget covers the policies and profiles used to provision clients with NAC agents from the ISE server.
13. Posture Compliance (13 min)
In this Nugget, Keith explains and demonstrates the implementation and verification of a posture policy using ISE and the NAC agent.
14. Profiling Endpoints (12 min)
In this Nugget, Keith explains the benefits and methods used to profile endpoints in a network managed via ISE.
15. What are MACsec and TrustSec? (6 min)
In this Nugget, Keith walks you through the concepts of MACsec and TrustSec, along with the benefits they can provide.
16. Implement TrustSec (10 min)
In this Nugget, Keith walks you through an example of configurations required on Identity Services Engine (ISE), and a Network Access Device (NAD) to implement Security Group Tag (SGT)-based Security Group Access Control Lists (SGACLs). The switch configurations used are in the NuggetLab files for this course.
17. ISE Personas (4 min)
ISE functions such as administration, policy service, monitoring, and inline posturing are referred to as personas. These functions can be implemented in a distributed ISE environment for fault tolerance and better performance. This Nugget describes those concepts.
18. Sponsor Portal Concepts (5 min)
This Nugget describes the concept of a sponsor portal to allow the receptionist to set up guest network access for users.
19. Implement an ISE Sponsor Portal (7 min)
In this Nugget, Keith shows you how to set up a Sponsor Portal on an ISE server.
20. BYOD (4 min)
In this Nugget, Keith talks with you about the Bring Your Own Device (BYOD) concept, and shares some ideas about how new computing devices could be on-boarded into an ISE environment.
21. Final Thoughts for SISAS (3 min)
In this Nugget, Keith shares some tips about preparing for the real world, as well as certification if that is your goal.
Аудио: AAC, 22,05 КГц, 2 канала