Cisco ISE

icecream-guy · March 09, 2017, 06:04:07 AM

Anyone got any good links or know about free training for Cisco ISE for noobs?

I've got to get up to speed on it in a short amount of time.
Got some experience with ACS 5.5

maybe I go look on youtube

deanwebb · March 09, 2017, 08:48:55 AM

BUY THAT BOOK

As for the GUI stuff, I was not impressed with the admin guides. The best exposure I had was shadowing a consultant who used it constantly. Even then, there are some odd rabbit holes in the GUI that are just plain frustrating.

icecream-guy · March 09, 2017, 11:06:48 AM

Quote from: deanwebb on March 09, 2017, 08:48:55 AM

BUY THAT BOOK

As for the GUI stuff, I was not impressed with the admin guides. The best exposure I had was shadowing a consultant who used it constantly. Even then, there are some odd rabbit holes in the GUI that are just plain frustrating.

coff coff 95 bucks for a 10+ year old book....

deanwebb · March 09, 2017, 04:04:59 PM

True, it is costly, but it is totally worth it. I still refer to it for troubleshooting stuff. The major developments in 802.1X are with VSAs, which Cisco uses a ton of, but everything else in dot1x is according to Brown. One of my favorite tech books.

wintermute000 · March 09, 2017, 05:23:10 PM

Only a security guy could love dot1x/identity..... :p

deanwebb · March 09, 2017, 06:31:50 PM

Quote from: wintermute000 on March 09, 2017, 05:23:10 PM
Only a security guy could love dot1x/identity..... :p

My video response:

wintermute000 · March 09, 2017, 07:24:40 PM

Me during any identity / dot1x conversation or training

icecream-guy · March 10, 2017, 06:14:43 AM

Quote from: wintermute000 on March 09, 2017, 07:24:40 PM
Me during any identity / dot1x conversation or training

yeah, unfortunately I'm seeing a lot of requests for it in new opportunities. so it's time to ramp up my skills.

deanwebb · March 10, 2017, 10:22:26 AM

Read that book and I guarantee ramped-up skills.

By reading over how it is supposed to work and how it actually works, you get a very good appreciation of how dot1x can royally screw up your DHCP and "phone home" apps and then you learn how to mitigate the impact with pre-authorization permissions.

Ctrl Z · March 10, 2017, 12:39:53 PM

ISE can do a lot of things, if you can narrow down what it is your organization is going to do with ISE it'll be easier to get up to speed. Are you getting ready for 802.1x deployment, are you needing to setup just guest wireless at the moment, or you just needing to learn the ACS replacement portion?

deanwebb · March 10, 2017, 01:21:43 PM

^ Of those, the guest wireless is easiest to do, followed by wireless 802.1X.

ZiPPy · May 22, 2017, 02:43:26 AM

I know this thread is a bit old, but I was just curious how your ISE implementation is going/went? I had ISE dropped on my table a few months ago, and just finished up a GK training on ISE 2.1. I'm still digging in her though, as ISE is a beast! One hell of a beast!!

Cheers,

icecream-guy · May 22, 2017, 06:31:25 AM

Quote from: ZiPPy on May 22, 2017, 02:43:26 AM
I know this thread is a bit old, but I was just curious how your ISE implementation is going/went? I had ISE dropped on my table a few months ago, and just finished up a GK training on ISE 2.1. I'm still digging in her though, as ISE is a beast! One hell of a beast!!

Cheers,

project got tossed on the back burner a few month ago. determined not to be a priority at this time.

deanwebb · May 22, 2017, 09:17:01 AM

Quote from: ZiPPy on May 22, 2017, 02:43:26 AM
I know this thread is a bit old, but I was just curious how your ISE implementation is going/went? I had ISE dropped on my table a few months ago, and just finished up a GK training on ISE 2.1. I'm still digging in her though, as ISE is a beast! One hell of a beast!!

Cheers,

Yes. ALL of the NAC products are beasts.

Good luck if the guys running Prime push out a template that blanks out all the stuff needed to work with NAC or, worse, *part* of the stuff you need to work with NAC... half a NAC is worse than no NAC at all, as devices get blocked but never unblocked because the RADIUS works but the COA doesn't...