Student Guide
Text Part Number: 97-3099-02
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN
CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF
THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED
WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR
PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.
Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program,
Cisco Systems is committed to bringing you the highest-quality training in the industry.
Cisco learning products are designed to advance your professional goals and give you
the expertise you need to build and maintain strategic networks.
Cisco relies on customer feedback to guide business decisions; therefore, your valuable
input will help shape future Cisco course curricula, products, and training offerings.
We would appreciate a few minutes of your time to complete a brief Cisco online
course evaluation of your instructor and the course materials in this student kit. On the
final day of class, your instructor will provide you with a URL directing you to a short
post-course evaluation. If there is no Internet access in the classroom, please complete
the evaluation within the next 48 hours or as soon as you can access the web.
On behalf of Cisco, thank you for choosing Cisco Learning Partners for your
Internet technology training.
Sincerely,
Cisco Systems Learning
Table of Contents
Volume 1
Introduction to the Cisco TrustSec 2.0 Solution and Cisco ISE Platform Architecture
Overview
Module Objectives
Introducing the Cisco TrustSec 2.0 Solution and ISE Platform Architecture
Overview
Lesson Objectives
Introducing the Cisco Borderless Network Architecture
Cisco TrustSec Solution
Introducing the Cisco ISE
Cisco ISE Software Architecture
External Identity Source
Administration Node
Policy Service Node
Monitoring Node
Network Access Device
Cisco ISE Software Licensing
Summary
Configuring Cisco ISE for Wired and Wireless 802.1X Authentication
Overview
Lesson Objectives
Reviewing 802.1X Authentication
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
IEEE 802.1X Host Mode
Using IEEE 802.1X with Voice VLAN Ports
Using IEEE 802.1X with Per-User ACLs
802.1X Configuration Guidelines
Configuring a Windows Client for 802.1X Authentication
Configuring Cisco ISE for Wired 802.1X Authentication
Customizing the Password Policy
Creating Users and Groups
Configuring the Identity Source Sequence
Advanced Services Implementing Cisco Identity Services Engine Secure Solutions (ISE) v1.0
Deploying VPN-Based Services Using the Cisco ASA and Inline Posture
Overview
Lesson Objectives
Introducing Inline Posture
Trusted and Untrusted Interfaces
Choosing an Inline Posture Operating Mode
Inline Posture Router Mode
Inline Posture Bridged Mode
Choosing Standalone Mode or High Availability
Inline Posture High Availability in Router Mode
Inline Posture High Availability in Bridged Mode
Configuring Inline Posture for Router Mode
Configuring Inline Posture for High Availability
Configuring Inline Posture for Authorization Profiles and Policies
Verifying Inline Posture Operation
Summary
ISE
Student Guide
Text Part Number: 97-3100-02
Table of Contents
Volume 2
Guest, Profiler, and Posture Service Configuration
Overview
Module Objectives
Cisco TrustSec 2.0 Architecture Design for the ISE Appliance
Overview
Module Objectives
Designing the Cisco TrustSec 2.0 Solution Architecture for the ISE Appliance
Overview
Lesson Objectives
High-Level Design Guidance
Cisco ISE Packaging and Licensing
Creating the Bill of Materials
HLD Case Studies: Small and Midsized Corporations
HLD Case Study: Small Corporations
HLD Case Study: Midsized Corporations
Customer Overview
Selecting Cisco TrustSec 2.0 Infrastructure Hardware and the ISE Appliance
Overview
Lesson Objectives
Introducing Cisco TrustSec 2.0 Switching Infrastructure Hardware
Catalyst 2000 Series Switches
Catalyst 3000 Series Switches
Catalyst 4000 Series Switches
Catalyst 6500 Switches
Cisco Nexus Switches
Introducing Cisco TrustSec 2.0 WLC Hardware
Wireless LAN Controller 2100 Series
Wireless LAN Controller 4400 Series
Wireless LAN Controller 5500 Series
Catalyst 3750 Integrated Wireless LAN Controller
Wireless Service Module
WLC Module
Introducing Cisco TrustSec 2.0 ISE Hardware
Product Overview
Features and Benefits
Summary