ISE, ISE, Baby…Tackling the CCNP SISE Exam

As someone who's been deep in the trenches with Cisco ISE (Identity Services Engine), I can tell you it's not just a product, but a comprehensive security policy maestro. Think of ISE as your go-to for securing network access in all aspects including AAA authentication, 802.1x policy enforcement for both wired and wireless, device profiling, posturing, and policy enforcement across endpoints and VPN landscapes. Its scalability is a beauty, effortlessly fitting into small office setups or expanding to meet the demands of enterprise environments. And it also integrates with other Cisco ACI and DNA Center.

This tool has been my playground for years, shaping countless projects around its deployment and scalability.

Now, let's talk about the exam that stands like a gatekeeper to your ISE mastery. This isn't just a test; it's a journey through the intricate maze of ISE, covering its architecture, deployment strategies, policy enforcement, and the ins and outs of Web Auth, guest services, profiler, BYOD, endpoint compliance, and the nitty-gritty of network access device administration. I've mapped out a 12-week battle plan based the exam's blueprint. If you're new to ISE, this pace might feel like a sprint. But hey, in the world of network security, who doesn't love a good challenge?

Let's dive in and conquer this together!

Study Schedule

You can find the exam blueprint here.

Weeks 1-2: Architecture and Deployment (10%)

• Configure personas, deployment options, hardware and virtual machine performance specifications, and zero-touch provisioning.

Weeks 3-5: Policy Enforcement (25%)

• Focus on configuring native AD and LDAP, identity store options, wireless and wired network access, MAB, Cisco TrustSec, and policies including authentication and authorization profiles.

Weeks 6-7: Web Auth and Guest Services (15%)

• Learn to configure web authentication, guest access services, sponsor and guest portals.

Weeks 8-9: Profiler (15%)

• Implement profiler services, probes, CoA, and configure endpoint identity management.

Weeks 9-10: BYOD (15%)

• Study Cisco BYOD functionality, device on-boarding, certificate configurations, and block list/allow list.

Week 10: Endpoint Compliance (10%)

• Understand endpoint compliance posture services, client provisioning, compliance module, posture agents, and operational modes.

Week 11: Network Access Device Administration (10%)

• Compare AAA protocols and configure TACACS+ for device administration and command authorization.

Week 12: Review and Practice Tests

• Revise all topics, take practice exams, and focus on weak areas.

Resources

I’ll be using Cisco U, the Cisco documentation and the ISE OCG to prepare for this exam but here are some alternatives and additional resources.

READ

Must Have

• CCNP Security Identity Management SISE 300-715 Official Cert Guide (Please Note: this is the first edition. the updated OCG hasn’t been release yet.)

Nice to Have

• Cisco Guided ISE & NAC Resources

Watch

I’ll be using the course from Cisco U, but here are some alternatives

• Cisco Learning ISE Training Videos

• INE Identity Services Engine (ISE)

• INE Advanced Identity Services Engine (ISE)

• Cisco ISE - Identity Services Engine Course By Mohammad Imani

• Implementing and Configuring Cisco Identity Services Engine (SISE) v4.0

  
  

You can also check out Udemy for coures as well.

To supplement your learning, you can also leverage the Cisco ISE YouTube Channel, and the Cisco Live Videos for ISE.

Do

For Labs Cisco has put together a comprehensive demo on Cisco dCloud to help guide you through various configuration items. You can access these resources here.