Implementing Cisco Secure Access Solutions v1.0 (SISAS)

Implementing Cisco Secure Access Solutions v1.0 (SISAS)


Duration: 5 days

The Implementing Cisco Security Access Solutions (SISAS) course describes an access control solution that centers on the Cisco Identity Services Engine (ISE). The learners build the solution by implementing basic authentication and then extending the system with the authorization, guest services, Cisco TrustSec, posture, and profiling components. The most fundamental concepts include the authentication methods, such as 802.1X, MAC Authentication Bypass (MAB), and Web authentication (WebAuth). The learners implement various types of the Extensible Authentication Protocol (EAP) using two different 802.1X supplicants: the native Windows OS supplicant and the Cisco AnyConnect supplicant. The Cisco AnyConnect supplicant is used for a range of scenarios, including EAP chaining. Although the Web

Authentication and the guest services are often deployed together, the learners first implement the WebAuth feature for employee access and then enable the guest feature to allow guest access. The posture service on the ISE is used to determine the security posture status of the endpoints. The learners use the built-in

posture elements pre-configured in the ISE, and also implement a custom remediation to automatically install antivirus software. The ISE offers a wide range of profiling capabilities. The learners test the default functionality with the common probes enabled, and extend the profiling granularity by defining custom policies. The course ends with a troubleshooting lesson and an optional troubleshooting lab exercise.


Upon completing this course, the learner will be able to meet these overall objectives:

  • Understand Cisco Identity Services Engine architecture and access control capabilities
  • Understand 802.1X architecture, implementation and operation
  • Understand commonly implemented Extensible Authentication Protocols (EAP)
  • Implement Public-Key Infrastructure with ISE
  • Understand the implement Internal and External authentication databases
  • Implement MAC Authentication Bypass
  • Implement identity-based authorization policies
  • Understand Cisco TrustSec features
  • Implement Web Authentication and Guest Access
  • Implement ISE Posture service
  • Implement ISE Profiling
  • Understand Bring Your Own Device (BYOD) with ISE
  • Troubleshoot ISE

Course Outline

Module 1: Threat Mitigation Through Identity Services

  • Lesson 1-1: Identity Services
  • Lesson 1-2: 802.1X and EAP
  • Lesson 1-3: Identity System Quick Start
  • Lesson 1-4: Module Summary
  • Lesson 1-4: Module Summary
  • Lesson 1-5: Module Self-Check

Module 2: Cisco ISE Fundamentals

  • Lesson 2-1: Cisco ISE Overview
  • Lesson 2-2: Cisco ISE PKI
  • Lesson 2-3: Cisco ISE Authentication
  • Lesson 2-4: Cisco ISE External Authentication
  • Lesson 2-5: Module Summary
  • Lesson 2-6: Module Self-Check

Module 3: Advanced Access Control

  • Lesson 3-1: Certificate-Based User Authentication
  • Lesson 3-2: Authorization
  • Lesson 3-3: Cisco TrustSec and MACsec
  • Lesson 3-4: Module Summary
  • Lesson 3-5: Module Self-Check

Module 4: Web Authentication and Guest Access

  • Lesson 4-1: Deploying WebAuth
  • Lesson 4-2: Deploying Guest Service
  • Lesson 4-3: Module Summary
  • Lesson 4-4: Module Self-Check

Module 5: Endpoint Access Control Enhancements

  • Lesson 5-1: Deploying Posture Service
  • Lesson 5-2: Deploying Profiler Service
  • Lesson 5-3: Implementing BYOD
  • Lesson 5-4: Module Summary
  • Lesson 5-5: Module Self-Check

Module 6: Access Control Troubleshooting

  • Lesson 6-1: Troubleshooting Network Access Controls
  • Lesson 6-2: Module Summary
  • Lesson 6-3: Module Self-Check

Lab Details:

  • Lab 1-1: Bootstrap Identity System
  • Lab 2-1: Enroll Cisco ISE in PKI
  • Lab 2-2: Implement MAB and Internal Authentication
  • Lab 2-3: Implement External Authentication
  • Lab 3-1: Implement EAP-TLS
  • Lab 3-2: Implement Authorization
  • Lab 3-3: Implement Cisco TrustSec and MACsec
  • Lab 4-1: Implement WebAuth for Employees
  • Lab 4-2: Implement Guest Service
  • Lab 5-1: Implement Posture Service
  • Lab 5-2: Implement Profiler Service
  • Lab 6-1: (Optional) Troubleshooting Prep
  • Lab 6-2: (Optional) Troubleshoot Network Access Controls 
SISAS 300-208

The knowledge and skills that a learner must have before attending this course are as follows:

  • CCNA Security or valid CCSP.
  • or any CCIE certification can act as a prerequisite
Course ID:

Show Schedule for: