Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
About This eBook
Title Page
Copyright Page
About the Authors
About the Technical Reviewers
Dedications
Acknowledgments
Contents at a Glance
Contents
Icons
Command Syntax Conventions
Introduction
Goals and Methods
How This Book Is Organized
Part I: The CCNP Certification
Chapter 1. CCNP Security Certification
CCNP Security Certification Overview
Contents of the CCNP-Security SISAS Exam
How to Take the SISAS Exam
Who Should Take This Exam and Read This Book?
Format of the CCNP-Security SISAS Exam
CCNP-Security SISAS 300-208 Official Certification Guide
Book Features and Exam Preparation Methods
Part II: “The Triple A” (Authentication, Authorization, and Accounting)
Chapter 2. Fundamentals of AAA
“Do I Know This Already?” Quiz
Foundation Topics
Triple-A
Compare and Select AAA Options
TACACS+
RADIUS
Comparing RADIUS and TACACS+
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 3. Identity Management
“Do I Know This Already?” Quiz
Foundation Topics
What Is an Identity?
Identity Stores
External Identity Stores
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 4. EAP Over LAN (Also Known As 802.1X)
“Do I Know This Already?” Quiz
Foundation Topics
Extensible Authentication Protocol
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 5. Non-802.1X Authentications
“Do I Know This Already?” Quiz
Foundation Topics
Devices Without a Supplicant
MAC Authentication Bypass
Web Authentication
Remote Access Connections
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 6. Introduction to Advanced Concepts
“Do I Know This Already?” Quiz
Foundation Topics
Change of Authorization
Automating MAC Authentication Bypass
Posture Assessments
Mobile Device Managers
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Part III: Cisco Identity Services Engine
Chapter 7. Cisco Identity Services Engine Architecture
“Do I Know This Already?” Quiz
Foundation Topics
What Is Cisco ISE?
Personas
Physical or Virtual Appliance
ISE Deployment Scenarios
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 8. A Guided Tour of the Cisco ISE Graphical User Interface
“Do I Know This Already?” Quiz
Foundation Topics
Logging In to ISE
Organization of the ISE GUI
Type of Policies in ISE
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 9. Initial Configuration of Cisco ISE
“Do I Know This Already?” Quiz
Foundation Topics
Cisco Identity Services Engine Form Factors
Bootstrapping Cisco ISE
Network Devices
Local User Identity Groups
Local Endpoint Groups
Local Users
External Identity Stores
Exam Preparation Tasks
Review All Key Topics
Chapter 10. Authentication Policies
“Do I Know This Already?” Quiz
Foundation Topics
The Relationship Between Authentication and Authorization
Authentication Policy
Understanding Authentication Policies
Common Authentication Policy Examples
More on MAB
Restore the Authentication Policy
Exam Preparation Tasks
Review All Key Topics
Chapter 11. Authorization Policies
“Do I Know This Already?” Quiz
Foundation Topics
Authentication Versus Authorization
Authorization Policies
Saving Conditions for Reuse
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Part IV: Implementing Secure Network Access
Chapter 12. Implement Wired and Wireless Authentication
“Do I Know This Already?” Quiz
Foundation Topics
Authentication Configuration on Wired Switches
Authentication Configuration on WLCs
Verifying Dot1X and MAB
Live Sessions Log
Looking Forward
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 13. Web Authentication
“Do I Know This Already?” Quiz
Foundation Topics
Web Authentication Scenarios
Configuring Centralized Web Authentication
Building CWA Authorization Policies
Configuring Device Registration Web Authentication
Verifying Centralized Web Authentication
Exam Preparation Tasks
Review All Key Topics
Chapter 14. Deploying Guest Services
“Do I Know This Already?” Quiz
Foundation Topics
Guest Services Overview
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 15. Profiling
“Do I Know This Already?” Quiz
Foundation Topics
ISE Profiler
Cisco ISE Probes
Infrastructure Configuration
Profiling Policies
ISE Profiler and CoA
Profiles in Authorization Policies
Verify Profiling
Exam Preparation Tasks
Review All Key Topics
Part V: Advanced Secure Network Access
Chapter 16. Certificate-Based User Authentications
“Do I Know This Already?” Quiz
Foundation Topics
Certificate Authentication Primer
A Common Misconception About Active Directory
EAP-TLS
Configuring ISE for Certificate-Based Authentications
Verifying Certificate Authentications
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 17. Bring Your Own Device
“Do I Know This Already?” Quiz
Foundation Topics
BYOD Challenges
Onboarding Process
Configuring NADs for Onboarding
ISE Configuration for Onboarding
BYOD Onboarding Process Detailed
Verifying BYOD Flows
MDM Onboarding
Managing Endpoints
The Opposite of BYOD: Identify Corporate Systems
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 18. TrustSec and MACSec
“Do I Know This Already?” Quiz
Foundation Topics
Ingress Access Control Challenges
What Is TrustSec?
What Is a Security Group Tag?
Defining the SGTs
Classification
Transport: Security Group Exchange Protocol
Transport: Native Tagging
Enforcement
MACSec
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 19. Posture Assessment
“Do I Know This Already?” Quiz
Foundation Topics
Posture Service Overview
Posture Flow
Agent Types
Posture Conditions
CoA with Posture
Configuring Posture
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Part VI: Safely Deploying in the Enterprise
Chapter 20. Deploying Safely
“Do I Know This Already?” Quiz
Foundation Topics
Why Use a Phased Approach?
A Phased Approach
Transitioning from Monitor Mode to Your End State
Wireless Networks
Exam Preparation Tasks
Review All Key Topics
Chapter 21. ISE Scale and High Availability
“Do I Know This Already?” Quiz
Foundation Topics
Configuring ISE Nodes in a Distributed Environment
Making the First Node a Primary Device
Registering an ISE Node to the Deployment
Licensing in a Multinode ISE Cube
Understanding the HA Options Available
Using Load Balancers
IOS Load Balancing
Maintaining ISE Deployments
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Chapter 22. Troubleshooting Tools
“Do I Know This Already?” Quiz
Foundation Topics
Logging
Diagnostics Tools
Troubleshooting Outside of ISE
Exam Preparation Tasks
Review All Key Topics
Part VII: Final Preparation
Chapter 23. Final Preparation
Advice About the Exam Event
Learning the Question Types Using the Cisco Certification Exam Tutorial
Thinking About Your Time Budget Versus Number of Questions
A Suggested Time-Check Method
Miscellaneous Pre-Exam Suggestions
Exam-Day Advice
Exam Review
Taking Practice Exams
Finding Knowledge Gaps Through Question Review
Other Study Tasks
Final Thoughts
Part VIII: Appendixes
Appendix A. Answers to the “Do I Know This Already?” Quizzes
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Chapter 17
Chapter 18
Chapter 19
Chapter 20
Chapter 21
Chapter 22
Appendix B. Configuring the Microsoft CA for BYOD
CA Requirements
Other Useful Information
Microsoft Hotfixes
AD Account Roles
Configuration Steps
Installing the CA
Adding the Remaining Roles
Configuring the Certificate Template
Publishing the Certificate Template
Editing the Registry
Useful Links
Appendix C. Using the Dogtag CA for BYOD
What Is Dogtag, and Why Use It?
Prerequisites
Installing Packages with yum
Configuring Proxy (if Needed)
Updating System Packages with yum
Installing and Configuring the NTP Service
Installing the LDAP Server
Installing the PHP Services
Installing and Configuring Dogtag
Modifying the Firewall Rules (iptables)
Creating a New CA Instance
Enabling and Configuring SCEP
Preparing Apache
Configuring ISE to Use the New Dogtag CA
Adding Dogtag to the SCEP RA Profiles
Appendix D. Sample Switch Configurations
Catalyst 2960/3560/3750 Series, 12.2(55)SE
Catalyst 3560/3750 Series, 15.0(2)SE
Catalyst 4500 Series, IOS-XE 3.3.0/15.1(1)SG
Catalyst 6500 Series, 12.2(33)SXJ
Glossary
Index
Code Snippets
← Prev
Back
Next →
← Prev
Back
Next →