Course Overview
This hands-on workshop teaches how to configure the Cisco Identity Services Engine (ISE) authentication for WLAN security. The course includes numerous hands-on labs utilizing up-to-date hardware such as AireOS and Cisco Catalyst 9800 WLAN controllers, 3800 and 9100 access points, ISE 2.7, Windows 10 wireless clients and Windows AD Server. A rack with the mentioned hardware will be provided to each participant. In the lab exercises, participants will configure both the ISE and the WLAN controller.
Who should attend
- Experienced network engineers configuring Cisco AireOS or Catalyst 9800 controllers
- Security engineers configuring the ISE for WLAN deployments
- Newcomers who are interested in using ISE with WLAN
Prerequisites
- Networking fundamentals
- Routing and switching fundamentals
- Wireless LAN fundamentals
- ISE fundamentals
- Experience with either AireOS or IOS XE
Course Objectives
After completing the workshop, you will have learned and practiced the following topics:
- Configuring the WLAN controller to work with Cisco ISE
- Requirements on the ISE for the WLAN controller
- Configuring WLAN security requiring Radius on the WLAN controller
- Configuring the ISE policy to respond to Radius requests from the WLC
- Administrator authentication on the WLAN controller
- Authenticating access points on switch ports
- ISE as WLAN guest server
Course Content
- Setup of ISE for WLAN controller
- Setup of AireOS and Catalyst 9800 WLAN controller for ISE
- WPA2 Enterprise (EAP/802.1X)
- Windows AD as authentication server and certificate authority
- EAP TLS authentication using certificates
- SSID with MAC filtering
- WPA2 Personal (PSK) with MAC filtering
- Identity PSK
- FlexConnect local authentication
- Local WebAuthentication with ISE authentication
- Guest anchor with ISE authentication
- ISE hotspot and guest portal
- Access point authentication on switch port
- Administrator authentication on WLC with ISE
- EWC with ISE authentication