Cisco DoD Comply-to-Connect

Individuals seeking the knowledge and skils involved in deploying, operating, and verifying Cisco DoD Compy-to-Connect program

After completing this course you should be able to:

• Define DoD C2C, including its steps and alignment with ISE features/functions and Zero Trust 
• Describe Cisco Identity-Based Networking Services 
• Explain 802.1X extensible authentication protocol (EAP) 
• Configure devices for 802.1X operation 
• Configure access for non-supplicant devices 
• Describe the Cisco Identity Services Engine 
• Explain Cisco ISE deployment 
• Describe Cisco ISE policy enforcement concepts 
• Describe Cisco ISE policy configuration 
• Explain PKI fundamentals, technology, components, roles, and software supplicants 
• Troubleshoot Cisco ISE policy and third-party network access device (NAD) support 
• Describe Cisco ISE TrustSec configurations 
• Describe the Cisco ISE profiler service 
• Describe profiling best practices and reporting 
• Configure endpoint compliance 
• Configure client posture services 
• Configure Cisco ISE device administration 
• Describe the four main use cases within C2C

C2C Fundamentals

• Comply to Connect
• From C2C to ZTA
• Steps to Implement C2C

Cisco Identity-Based Networking Services

• Cisco IBNS Overview
• AAA Role in Cisco IBNS
• Compare Cisco IBNS and Cisco ISE Solutions
• Explore Cisco IBNS Architecture Components

Configure Access for Non-Supplicant Devices

• Configure Cisco IBNS for Non-Supplicant Devices
• Explore IBNS 2.0 for Non-Supplicant Devices
• Configure Cisco Central Web Authentication for Guests

Introducing Cisco ISE Architecture

• Cisco ISE as a Network Access Policy Engine
• Cisco ISE Use Cases
• Cisco ISE Functions

Introducing Cisco ISE Deployment

• Cisco ISE Deployment Models
• Cisco ISE Licensing and Network Requirements
• Cisco ISE Context Visibilty Features
• New Features in Cisco ISE3.x

Introducing Cisco ISE Policy Enforcement Components

• 802.1X for Wired and Wireless Access
• MAC Authentication Bypass for Wired and Wireless Access
• Identity Management
• Active Directory Identity Source
• Additional Identity Sources
• Certificate Services

Introducing Cisco ISE Policy Configuration

• Cisco ISE Policy
• Cisco ISE Authentication Rules
• Cisco ISE Authorization Rules

PKI and Advanced Supplicants

• Public Key Infrastructure
• TEAP in Comply to Connect (C2C)
• Secure Client ISE Features and Configuration for C2C

Introducing the Cisco ISE Profiler

• Web Access with Cisco ISE
• ISE Profiler Overview
• Cisco ISE Probes
• Profiling Policy
• Custom Attributes in Profiler

Introducing Cisco ISE Endpoint Compliance Services

• Endpoint Compliance Services Overview

Configuring Client Posture Services and Compliance

• Client Posture Sevices and Provisioning Configuration

Introducing Profiling Best Practices and Reporting

• Profiling Best Practices

C2C Use Cases

• Cisco CX ISE Reporting Tool
• ISE Reporting
• ISE Hardening
• Profiling Best Practices for C2C

Troubleshooting Cisco ISE Policy and Third-Party NAD Support

• Cisco ISE Third-Party Network Access Device Support
• Troubleshooting Cisco ISE Policy Configuration

Exploring Cisco TrustSec

• Cisco TrustSec Overview
• Cisco TrustSec Enhancements
• Cisco TrustSec Configuration

Working with Network Access Devices

• Reviewing AAA
• Cisco ISE TACACS+ Device Administration
• Configuring TACACS+ Device Administration
• TACACS+ Device Administration Guidelines and Best Practices

Labs:

• Discovery Lab 1: Configure Initial Cisco ISE Configuration and System Certificate Usage 
• Discovery Lab 2: Integrate Cisco ISE with Active Directory 
• Discovery Lab 3: Configure Cisco ISE Policy for MAB 
• Discovery Lab 4: Configure Cisco ISE Policy for 802.1X 
• Discovery Lab 5: TEAP on Windows 
• Discovery Lab 6: Configure Profiling 
• Discovery Lab 7: Customize the Cisco ISE Profiling Configuration 
• Discovery Lab 8: Configure Cisco ISE Compliance Services 
• Discovery Lab 9: Configure Client Provisioning 
• Discovery Lab 10: Configure Posture Policies 
• Discovery Lab 11: Test and Monitor Compliance-Based Access
• Discovery Lab 12: Create Cisco ISE Profiling Reports
• Discovery Lab 13: DISA Reports
• Discovery Lab 14: Certificate-Based Authentication for Cisco ISE Administration
• Discovery Lab 15: Configure Cisco TrustSec 
• Discovery Lab 16: Configure Cisco ISE for Basic Device Administration 
• Discovery Lab 17: Configure Cisco ISE Command Authorization

Attendees should meet the following pre-requisites:

• Familiarity with 802.1X 
• Familiarity with Microsoft Windows Operating Systems 
• Familiarity with Cisco IOS CLI for wired and wireless network devices 
• Familiarity with Cisco Identity Service Engine

• SISE - Implementing and Configuring Cisco Identity Services Engine

Recommended as preparation for the following exams;

• There are no exams currently linked to this course