Networking-Forums.com

Professional Discussions => Everything Else in the Data Center => Topic started by: icecream-guy on March 09, 2017, 06:04:07 AM

Title: Cisco ISE
Post by: icecream-guy on March 09, 2017, 06:04:07 AM
Anyone got any good links or know about free training for Cisco ISE for noobs?

I've got  to get up to speed on it in a short amount of time. 
Got some experience with ACS 5.5

maybe I go look on youtube
Title: Re: Cisc ISE
Post by: deanwebb on March 09, 2017, 08:48:55 AM
(https://books.google.com/books/content?id=nlbrC3KLvCAC&printsec=frontcover&img=1&zoom=1&edge=curl&imgtk=AFLRE73gLtjajQWmfiivmdFdlDddJrrQC0doBghNQAtDIW7odU1y_8kWeWFJtRDgufFCdowviUMBXyzG81iWhLvhCRIeVK2FerSd0G7RUuvgUoc9puRk8u9-kMDHnwDIsZRJ0WQOwIDh)

BUY THAT BOOK

As for the GUI stuff, I was not impressed with the admin guides. The best exposure I had was shadowing a consultant who used it constantly. Even then, there are some odd rabbit holes in the GUI that are just plain frustrating.
Title: Re: Cisc ISE
Post by: icecream-guy on March 09, 2017, 11:06:48 AM
Quote from: deanwebb on March 09, 2017, 08:48:55 AM
(https://books.google.com/books/content?id=nlbrC3KLvCAC&printsec=frontcover&img=1&zoom=1&edge=curl&imgtk=AFLRE73gLtjajQWmfiivmdFdlDddJrrQC0doBghNQAtDIW7odU1y_8kWeWFJtRDgufFCdowviUMBXyzG81iWhLvhCRIeVK2FerSd0G7RUuvgUoc9puRk8u9-kMDHnwDIsZRJ0WQOwIDh)

BUY THAT BOOK

As for the GUI stuff, I was not impressed with the admin guides. The best exposure I had was shadowing a consultant who used it constantly. Even then, there are some odd rabbit holes in the GUI that are just plain frustrating.

coff coff  95 bucks for a 10+ year old book.... :'( :angry:
Title: Re: Cisco ISE
Post by: deanwebb on March 09, 2017, 04:04:59 PM
True, it is costly, but it is totally worth it. I still refer to it for troubleshooting stuff. The major developments in 802.1X are with VSAs, which Cisco uses a ton of, but everything else in dot1x is according to Brown. One of my favorite tech books.
Title: Re: Cisco ISE
Post by: wintermute000 on March 09, 2017, 05:23:10 PM
Only a security guy could love dot1x/identity..... :p
Title: Re: Cisco ISE
Post by: deanwebb on March 09, 2017, 06:31:50 PM
Quote from: wintermute000 on March 09, 2017, 05:23:10 PM
Only a security guy could love dot1x/identity..... :p

My video response:

Title: Re: Cisco ISE
Post by: wintermute000 on March 09, 2017, 07:24:40 PM
Me during any identity / dot1x conversation or training


(http://blog.siestahammocks.com.au/wp-content/uploads/2014/02/mexican-siesta-man.jpg)
Title: Re: Cisco ISE
Post by: icecream-guy on March 10, 2017, 06:14:43 AM
Quote from: wintermute000 on March 09, 2017, 07:24:40 PM
Me during any identity / dot1x conversation or training


(http://blog.siestahammocks.com.au/wp-content/uploads/2014/02/mexican-siesta-man.jpg)

yeah,  unfortunately I'm seeing a lot of requests for it in new opportunities. so it's time to ramp up my skills.
Title: Re: Cisco ISE
Post by: deanwebb on March 10, 2017, 10:22:26 AM
Read that book and I guarantee ramped-up skills.

By reading over how it is supposed to work and how it actually works, you get a very good appreciation of how dot1x can royally screw up your DHCP and "phone home" apps and then you learn how to mitigate the impact with pre-authorization permissions.
Title: Re: Cisco ISE
Post by: Ctrl Z on March 10, 2017, 12:39:53 PM
ISE can do a lot of things, if you can narrow down what it is your organization is going to do with ISE it'll be easier to get up to speed. Are you getting ready for 802.1x deployment, are you needing to setup just guest wireless at the moment, or you just needing to learn the ACS replacement portion?
Title: Re: Cisco ISE
Post by: deanwebb on March 10, 2017, 01:21:43 PM
^ Of those, the guest wireless is easiest to do, followed by wireless 802.1X.
Title: Re: Cisco ISE
Post by: ZiPPy on May 22, 2017, 02:43:26 AM
I know this thread is a bit old, but I was just curious how your ISE implementation is going/went?  I had ISE dropped on my table a few months ago, and just finished up a GK training on ISE 2.1.  I'm still digging in her though, as ISE is a beast! One hell of a beast!!

Cheers,
Title: Re: Cisco ISE
Post by: icecream-guy on May 22, 2017, 06:31:25 AM
Quote from: ZiPPy on May 22, 2017, 02:43:26 AM
I know this thread is a bit old, but I was just curious how your ISE implementation is going/went?  I had ISE dropped on my table a few months ago, and just finished up a GK training on ISE 2.1.  I'm still digging in her though, as ISE is a beast! One hell of a beast!!

Cheers,

project got tossed on the back burner a few month ago. determined not to be a priority at this time.
Title: Re: Cisco ISE
Post by: deanwebb on May 22, 2017, 09:17:01 AM
Quote from: ZiPPy on May 22, 2017, 02:43:26 AM
I know this thread is a bit old, but I was just curious how your ISE implementation is going/went?  I had ISE dropped on my table a few months ago, and just finished up a GK training on ISE 2.1.  I'm still digging in her though, as ISE is a beast! One hell of a beast!!

Cheers,
Yes. ALL of the NAC products are beasts.

Good luck if the guys running Prime push out a template that blanks out all the stuff needed to work with NAC or, worse, *part* of the stuff you need to work with NAC... half a NAC is worse than no NAC at all, as devices get blocked but never unblocked because the RADIUS works but the COA doesn't...