Course Details

Previous Page


Cisco SISAS 1.0: Certificate-based Authentication and Authorization


Overview/Description
Target Audience
Prerequisites
Expected Duration
Lesson Objectives
Course Number



Overview/Description
Certificate-based client authentication is used in EAP-TLS environments. An advantage of using EAP-TLS is the openness of the standard, wide vendor support, and high security. Authorization is performed after authentication, when the identity of the client is already established. The authorization attributes that are sent via RADIUS to the network access devices are first configured in the ISE as authorization profiles. In this course, you will learn about certificate-based client authentication. You will also explore Cisco Identity Services Engine (ISE) authorization including how the Cisco ISE performs authorization to assign privileges to client sessions, the use of downloadable ACLs as authorization policy elements, and how Cisco ISE authorization policy rules are used to match conditions and apply authorization profiles.

Target Audience
This course is for anyone wishing to obtain the Implementing Cisco Secure Access Solutions (SISAS) v1.0 300-208 certification; one of four designed for the CCNP Security track from Cisco. Knowledge of Cisco Certified Network Associate (CCNA) certification is required and knowledge of Cisco Certified Network Associate (CCNA) Security certification and Knowledge of Microsoft Windows Operating System are helpful.

Prerequisites
None

Expected Duration (hours)
2.0

Lesson Objectives

Cisco SISAS 1.0: Certificate-based Authentication and Authorization

  • start the course
  • describe the use and implementation of certificates for clients
  • describe how to configure the 802.1X supplicant to use EAP-TLS
  • configure the 802.1X supplicant to use EAP-TLS
  • configure the 802.1X supplicant to use EAP-TLS
  • configure the 802.1X supplicant to use appropriate certificates
  • describe certificate authentication
  • verify EAP-TLS operation
  • describe the authorization in the Cisco Identity Services Engine (ISE)
  • describe the downloadable ACLs
  • describe the authorization policy
  • describe how to build compound conditions
  • describe the authorization configuration procedure and authorization profile
  • describe how to configure an authorization policy rule
  • describe how to configure an authorization policy rule
  • describe how to tune the default authorization rule
  • verify the authorization in the ISE GUI
  • verify machine authorization in the ISE GUI
  • verify the authorization on the switch
  • verify dACL assignment on the switch
  • to describe certificate-based client authentication in EAP-TLS and authorization in Cisco ISE
  • Course Number:
    cc_siss_a04_it_enus