One of the exciting new components of the version 4 CCIE Sec lab is the Identity Services Engine (ISE). It is interesting how many students, and even some instructors, have never even heard of it. In this post here in the VIP Perspectives blog area at our beloved Cisco Learning Network, I want to provide a nice high level look at what this technology from Cisco does. We also want to take a peek at some exam particulars like what exact version are we responsible for knowing, and what tasks are relevant.
First of all, there are lots of variations on how you can implement this service in your network. Let us be clear on our hardware and software focus for the lab. It is the Cisco ISE 3300 Series Identity Services Engine running 1.1x software.
What in the world does the ISE accomplish? Its main job is to provide authentication and authorization services for users and/or devices in wired, wireless, and VPN-based network deployments. Does this sound exactly like what the Cisco Access Control Server (ACS) product handles for us already? Yes it does. In fact, the ISE can replace the need for your ACS, NAC, and Profiler servers. Keep in mind that in the CCIE Lab Exam, you still have the ACS in place to ensure you can configure that environment as well.
What specific use cases can be satisfied with the Cisco ISE? Here are just some:
- Guest life cycle management
- Device profiling
- Endpoint posture
- Monitoring and troubleshooting
What are the specific tasks with the ISE 3300 series we can expect in the CCIE Lab Exam? We need to be ready to accomplish the following:
- Configuration and initialization
- ISE authZ result handling
- ISE Profiling Configuration (Probes)
- ISE Guest Services
- ISE Posture Assessment
- ISE Client Provisioning (CPP)
- ISE Configuring AD Integration/Identity Sources
- ISE support for 802.1x
- ISE MAB support
- ISE Web Auth support
- ISE definition and support for VSAs
Now if you are like me - this has peaked your interest and you want to read more RIGHT NOW! Here is an awesome starting point for you:
Thanks for reading and I hope you enjoyed this blog post!