Trainer Keith Barker has completed his “Cisco CCNP Security 300-208 SISAS” training course, which centers on implementing Cisco Secure Access Solutions. The course covers topics such as Identity Services Engine, 802.1x Wired, and more. This training also prepares students to take the 300-208 exam, which is required to earn Cisco CCNP Security certification.
Implementing Cisco Secure Access Solutions
by Keith Barker
TOTAL VIDEOS : 21
COURSE DURATION: 05:32:44
1. Course Introduction (00:03:47)
In this Nugget, Keith welcomes you to the course and shares some tips on how you can get the most from this course.
2. ISE, ISE, Baby (00:24:28)
The Identity Services Engine (ISE) is a AAA server that can be used for centralized authentication, authorization, and accounting including 802.1x services. In this Nugget, Keith walks you through the configuration required to communicate between an ISE server and a switch acting as a RADIUS client.
3. 802.1x Wired (00:41:38)
Building on the RADIUS between the switch and the ISE server, we can configure 802.1x port-based authentication and authorization on the switch. In this Nugget, Keith demonstrates the configuration and verification of 802.1x using a native Windows supplicant.
4. CA Certificates (00:19:47)
Using the Public Key Infrastructure (PKI) and a CA that is already trusted by browsers, we can install a CA assigned identity certificate on our ISE server for the benefit of client verification of the ISE server. In this Nugget, Keith demonstrates how to install the root CA cert and a CA-signed ISE identity certificate on the ISE server.
5. 802.1X MAB (00:27:15)
MAC Authentication Bypass (MAB) can be used to authenticate devices that don't have a supplicant. In this Nugget, Keith walks you through MAB concepts, along with a demonstration of configuration and verification of MAB.
6. AnyConnect Supplicant (00:18:17)
The Network Access Manager (NAM) portion of AnyConnect can act as an 802.1x supplicant. In this Nugget, Keith shows you how to install and use NAM, along with an introduction to Cisco's profile manager.
7. ISE and AD (00:31:18)
ISE can leverage Microsoft's AD and the existing users there for 802.1x authentication. In this Nugget, Keith explains and demonstrates ISE and AD integration, including verification and troubleshooting.
8. Authorization Profiles (00:36:42)
In this Nugget, Keith walks you through the concepts, configuration, and verification of customized authorization profiles. AD user and computer authentication requirements and AD group membership for 802.1x authentication also are demonstrated in this video.
9. Web-Based User Authentication (00:31:58)
When a supplicant isn't running and there isn't a MAB entry for a MAC address, we can still authenticate a user by redirecting the user web traffic to a portal on the ISE server to allow the user to authenticate via a Web interface (WebAuth). In this Nugget, Keith explains, demonstrates, and verifies WebAuth. The switch configuration is available in the NuggetLab files for this course.
10. What is Posture? (00:07:44)
In this Nugget, Keith introduces you to the concept of posture and compliance checking using ISE.
11. Preparing ISE for NAC Provisioning (00:06:54)
ISE doesn't have updated NAC agents or posture information by default. In this Nugget, Keith walks you through how to update both of these on an ISE server.
12. Provisioning NAC agents from ISE (00:13:27)
This Nugget covers the policies and profiles used to provision clients with NAC agents from the ISE server.
13. Posture Compliance (00:13:44)
In this Nugget, Keith explains and demonstrates the implementation and verification of a posture policy using ISE and the NAC agent.
14. Profiling Endpoints (00:12:44)
In this Nugget, Keith explains the benefits and methods used to profile endpoints in a network managed via ISE.
15. What are MACsec and TrustSec? (00:06:48)
In this Nugget, Keith walks you through the concepts of MACsec and TrustSec, along with the benefits they can provide.
16. Implement TrustSec (00:10:24)
In this Nugget, Keith walks you through an example of configurations required on Identity Services Engine (ISE), and a Network Access Device (NAD) to implement Security Group Tag (SGT)-based Security Group Access Control Lists (SGACLs). The switch configurations used are in the NuggetLab files for this course.
17. ISE Personas (00:04:54)
ISE functions such as administration, policy service, monitoring, and inline posturing are referred to as personas. These functions can be implemented in a distributed ISE environment for fault tolerance and better performance. This Nugget describes those concepts.
18. Sponsor Portal Concepts (00:05:02)
This Nugget describes the concept of a sponsor portal to allow the receptionist to set up guest network access for users.
19. Implement an ISE Sponsor Portal (00:07:32)
In this Nugget, Keith shows you how to set up a Sponsor Portal on an ISE server.
20. BYOD (00:04:43)
In this Nugget, Keith talks with you about the Bring Your Own Device (BYOD) concept, and shares some ideas about how new computing devices could be on-boarded into an ISE environment.
21. Final Thoughts for SISAS (00:03:38)
In this Nugget, Keith shares some tips about preparing for the real world, as well as certification if that is your goal.
I recommends Buy premimum account for High speed+parallel downloads!