The Cisco DoD Comply-to-Connect (C2C) training teaches you how to implement and deploy a Department of Defense (DoD) Comply-to-Connect network architecture using Cisco Identity Services Engine (ISE). This training covers implementation of 802.1X for both wired and wireless devices and how Cisco ISE uses that information to apply policy control and enforcement. Additionally, other topics like supplicants, non-supplicants, ISE profiler, authentication, authorization, and accounting (AAA) and public key infrastructure (PKI) support, reporting and troubleshooting are covered. Finally, C2C specific use case scenarios are covered.
This course is worth 32 Continuing Education (CE) Credits
TARGET AUDIENCE:
Individuals seeking the knowledge and skils involved in deploying, operating, and verifying Cisco DoD Compy-to-Connect program
COURSE PREREQUISITES:
Attendees should meet the following pre-requisites:
• Familiarity with 802.1X
• Familiarity with Microsoft Windows Operating Systems
• Familiarity with Cisco IOS CLI for wired and wireless network devices
• Familiarity with Cisco Identity Service Engine
COURSE CONTENT:
C2C Fundamentals
• Comply to Connect
• From C2C to ZTA
• Steps to Implement C2C
Cisco Identity-Based Networking Services
• Cisco IBNS Overview
• AAA Role in Cisco IBNS
• Compare Cisco IBNS and Cisco ISE Solutions
• Explore Cisco IBNS Architecture Components
Configure Access for Non-Supplicant Devices
• Configure Cisco IBNS for Non-Supplicant Devices
• Explore IBNS 2.0 for Non-Supplicant Devices
• Configure Cisco Central Web Authentication for Guests
Introducing Cisco ISE Architecture
• Cisco ISE as a Network Access Policy Engine
• Cisco ISE Use Cases
• Cisco ISE Functions
Introducing Cisco ISE Deployment
• Cisco ISE Deployment Models
• Cisco ISE Licensing and Network Requirements
• Cisco ISE Context Visibilty Features
• New Features in Cisco ISE3.x
Introducing Cisco ISE Policy Enforcement Components
• 802.1X for Wired and Wireless Access
• MAC Authentication Bypass for Wired and Wireless Access
• Identity Management
• Active Directory Identity Source
• Additional Identity Sources
• Certificate Services
Introducing Cisco ISE Policy Configuration
• Cisco ISE Policy
• Cisco ISE Authentication Rules
• Cisco ISE Authorization Rules
PKI and Advanced Supplicants
• Public Key Infrastructure
• TEAP in Comply to Connect (C2C)
• Secure Client ISE Features and Configuration for C2C
Introducing the Cisco ISE Profiler
• Web Access with Cisco ISE
• ISE Profiler Overview
• Cisco ISE Probes
• Profiling Policy
• Custom Attributes in Profiler
Introducing Cisco ISE Endpoint Compliance Services
• Endpoint Compliance Services Overview
Configuring Client Posture Services and Compliance
• Client Posture Sevices and Provisioning Configuration
Introducing Profiling Best Practices and Reporting
• Profiling Best Practices
C2C Use Cases
• Cisco CX ISE Reporting Tool
• ISE Reporting
• ISE Hardening
• Profiling Best Practices for C2C
Troubleshooting Cisco ISE Policy and Third-Party NAD Support
• Cisco ISE Third-Party Network Access Device Support
• Troubleshooting Cisco ISE Policy Configuration
Exploring Cisco TrustSec
• Cisco TrustSec Overview
• Cisco TrustSec Enhancements
• Cisco TrustSec Configuration
Working with Network Access Devices
• Reviewing AAA
• Cisco ISE TACACS+ Device Administration
• Configuring TACACS+ Device Administration
• TACACS+ Device Administration Guidelines and Best Practices
Labs:
• Discovery Lab 1: Configure Initial Cisco ISE Configuration and System Certificate Usage
• Discovery Lab 2: Integrate Cisco ISE with Active Directory
• Discovery Lab 3: Configure Cisco ISE Policy for MAB
• Discovery Lab 4: Configure Cisco ISE Policy for 802.1X
• Discovery Lab 5: TEAP on Windows
• Discovery Lab 6: Configure Profiling
• Discovery Lab 7: Customize the Cisco ISE Profiling Configuration
• Discovery Lab 8: Configure Cisco ISE Compliance Services
• Discovery Lab 9: Configure Client Provisioning
• Discovery Lab 10: Configure Posture Policies
• Discovery Lab 11: Test and Monitor Compliance-Based Access
• Discovery Lab 12: Create Cisco ISE Profiling Reports
• Discovery Lab 13: DISA Reports
• Discovery Lab 14: Certificate-Based Authentication for Cisco ISE Administration
• Discovery Lab 15: Configure Cisco TrustSec
• Discovery Lab 16: Configure Cisco ISE for Basic Device Administration
• Discovery Lab 17: Configure Cisco ISE Command Authorization
COURSE OBJECTIVE:
After completing this course you should be able to:
• Define DoD C2C, including its steps and alignment with ISE features/functions and Zero Trust
• Describe Cisco Identity-Based Networking Services
• Explain 802.1X extensible authentication protocol (EAP)
• Configure devices for 802.1X operation
• Configure access for non-supplicant devices
• Describe the Cisco Identity Services Engine
• Explain Cisco ISE deployment
• Describe Cisco ISE policy enforcement concepts
• Describe Cisco ISE policy configuration
• Explain PKI fundamentals, technology, components, roles, and software supplicants
• Troubleshoot Cisco ISE policy and third-party network access device (NAD) support
• Describe Cisco ISE TrustSec configurations
• Describe the Cisco ISE profiler service
• Describe profiling best practices and reporting
• Configure endpoint compliance
• Configure client posture services
• Configure Cisco ISE device administration
• Describe the four main use cases within C2C
FOLLOW ON COURSES:
Not available. Please contact.