Administrative access to network devices such as routers, switches or firewalls, e.g. via console or SSH, can be authenticated locally on these devices. However, control via the Cisco ISE is much more flexible, secure and scalable. As part of device administration, users can be managed centrally by the ISE itself or via a connected user database. In addition to authentication, the assignment of rights to administrators (authorization) plays an important role here. The behavior of the shell can be centrally controlled with RADIUS, and even individual commands with TACACS+. Meaningful audit logs are available via centralized reporting and accounting, as may be required in ISO-certified environments. This course highlights the advantages and disadvantages of TACACS+ and RADIUS in device administration and explains the configuration options on the ISE. A basic configuration of a distributed deployment with the various ISE nodes is described, and maintenance measures and the setup of Role Based Access Control (RBAC) are explained. Based on this, the authentication and, in particular, the authorization policy with its various conditions and results are addressed. The necessary peripherals, such as an Active Directory and a Microsoft PKI, are also included.
Course Contents
- Device administration, components and processes
- RADIUS vs. TACACS+
- Overview of the Identity Service Engine
- Licensing and Smart Licensing
- Installation and basic configuration of an ISE
- Node types in ISE deployments
- Device administration - configuration of network devices
- Authentication variants
- Use of external databases
- Policy-based control on the ISE
- Authentication and authorization rules
- Conditions and results
- Possibilities of shell profiles
- Wildcards and regular expressions in command sets
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 150,- plus VAT (only for classroom participation).
Target Group
The course is intended for those who want to use Cisco ISE for centralized device administration control and/or require centralized audit logs.
Knowledge Prerequisites
In addition to basic network and IP knowledge, you should have a basic understanding of operating a Cisco network.
1 | AAA and Device Administration |
1.1 | Centralized Access Control on Network Devices |
1.1.1 | Background |
1.1.2 | Access Control in Practice |
1.2 | RADIUS |
1.2.1 | The Packet Format |
1.2.2 | RADIUS Authentication and Authorization |
1.2.3 | RADIUS Accounting |
1.2.4 | Function of the RADIUS Attributes |
1.3 | TACACS+ |
1.3.1 | The Packet Format |
1.3.2 | TACACS+ Authentication |
1.3.3 | TACACS+ Authorization |
1.3.4 | TACACS+ Accounting |
1.4 | Configuration of the Network Devices |
1.4.1 | Setting Up the RADIUS Clients |
1.4.2 | Setting Up the TACACS+ Clients |
2 | ISE Basic Configuration |
2.1 | ISE Concept |
2.1.1 | The ISE 3.x Licensing Model |
2.2 | Installation of the ISE (1/3) |
2.2.1 | ADE OS Configuration |
2.2.2 | Managing the ISE via the CLI |
2.3 | ISE Access |
2.3.1 | ISE GUI |
2.3.2 | Launch Menu |
2.3.3 | Certificates and ISE |
2.4 | ISE – Basic Device Admin Settings |
2.4.1 | PSN Configuration |
2.4.2 | Device Admin – Overview |
2.5 | Deployments |
2.5.1 | Node Registration |
2.5.2 | Certificate Management in the Deployment |
2.5.3 | Redundancy in ISE Deployments |
3 | Administration and Maintenance |
3.1 | Admin Access |
3.1.1 | Administrator Groups |
3.1.2 | Admin Policies |
3.1.3 | Admin Permissions |
3.2 | Maintenance |
3.2.1 | Backup |
3.2.2 | Scheduled Backups |
3.3 | Network Access Devices |
3.3.1 | Configuring a NAD for TACACS+ |
3.3.2 | Network Device Groups |
3.3.3 | Import and Export of Network Devices |
4 | Authentication and Authorization in Device Administration |
4.1 | The ISE AAA Concept |
4.2 | Device Admin Policy Sets |
4.2.1 | Condition Elements |
4.2.2 | Allowed Protocols |
4.3 | The Authentication Policy |
4.3.1 | Authentication Condition Elements |
4.3.2 | Identity Stores in the Authentication Policy |
4.3.3 | Fallback Scenarios |
4.4 | User Stores |
4.4.1 | Internal Users |
4.4.2 | Internal Groups |
4.4.3 | External Databases |
4.4.4 | Identity Source Sequence |
4.5 | Device Admin – Authorization Policy |
4.5.1 | Authorization Condition |
4.5.2 | Device Admin Result – Shell Profiles |
4.5.3 | Device Admin Result – Command Set |
4.6 | Device Administration via RADIUS |
4.6.1 | Network Access Policy Sets |
4.6.2 | RADIUS Authentication |
4.6.3 | RADIUS Authorization |
5 | Logging, Monitoring and Troubleshooting |
5.1 | Overview of Operations |
5.2 | TACACS+ Logging |
5.2.1 | TACACS+ Reports |
5.2.2 | TACACS+ Accounting |
5.3 | RADIUS Logging |
5.3.1 | RADIUS Authentication and Authorization |
5.3.2 | RADIUS Accounting |
5.4 | Audit Reports |
5.5 | Troubleshooting with TCP Dump |
5.6 | Log and Alarm Settings |
5.6.1 | Log Categories |
5.6.2 | Alarm Settings |
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a webcam. In the seminar room, we use specially developed and customized audio and video technologies. This ensures that communication between everyone involved works conveniently and without faults.
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
Tailor-made courses
Do you need a special course for your team? In addition to our standard offer, we will also support you in creating customized courses that precisely meet your individual demands. We will be glad to advise you and create an individual offer for you.
