Cisco ISE for BYOD and Secure Unified Access

by ;
  • ISBN13:


  • ISBN10:


  • Edition: 2nd
  • Format: Paperback
  • Copyright: 2017-06-16
  • Publisher: Cisco Press

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

  • Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • Get Rewarded for Ordering Your Textbooks! Enroll Now
List Price: $69.99 Save up to $17.50
  • Rent Book $52.49
    Add to Cart Free Shipping


Supplemental Materials

What is included with this book?

  • The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
  • The Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.


Fully updated: The complete guide to Cisco Identity Services Engine solutions

Using Cisco Secure Access Architecture and Cisco Identity Services Engine, you can secure and gain control of access to your networks in a Bring Your Own Device (BYOD) world.

This second edition of Cisco ISE for BYOD and Secure Unified Accesscontains more than eight brand-new chapters as well as extensively updated coverage of all the previous topics in the first edition book to reflect the latest technologies, features, and best practices of the ISE solution. It begins by reviewing today’s business case for identity solutions. Next, you walk through ISE foundational topics and ISE design. Then you explore how to build an access security policy using the building blocks of ISE. Next are the in-depth and advanced ISE configuration sections, followed by the troubleshooting and monitoring chapters. Finally, we go in depth on the new TACACS+ device administration solution that is new to ISE and to this second edition.

With this book, you will gain an understanding of ISE configuration, such as identifying users, devices, and security posture; learn about Cisco Secure Access solutions; and master advanced techniques for securing access to networks, from dynamic segmentation to guest access and everything in between.

Drawing on their cutting-edge experience supporting Cisco enterprise customers, the authors offer in-depth coverage of the complete lifecycle for all relevant ISE solutions, making this book a cornerstone resource whether you’re an architect, engineer, operator, or IT manager.

·         Review evolving security challenges associated with borderless networks, ubiquitous mobility, and consumerized IT

·         Understand Cisco Secure Access, the Identity Services Engine (ISE), and the building blocks of complete solutions

·         Design an ISE-enabled network, plan/distribute ISE functions, and prepare for rollout

·         Build context-aware security policies for network access, devices, accounting, and audit

·         Configure device profiles, visibility, endpoint posture assessments, and guest services

·         Implement secure guest lifecycle management, from WebAuth to sponsored guest access

·         Configure ISE, network access devices, and supplicants, step by step

·         Apply best practices to avoid the pitfalls of BYOD secure access

·         Set up efficient distributed ISE deployments

·         Provide remote access VPNs with ASA and Cisco ISE

·         Simplify administration with self-service onboarding and registration

·         Deploy security group access with Cisco TrustSec

·         Prepare for high availability and disaster scenarios

·         Implement passive identities via ISE-PIC and EZ Connect

·         Implement TACACS+ using ISE

·         Monitor, maintain, and troubleshoot ISE and your entire Secure Access system

·         Administer device AAA with Cisco IOS, WLC, and Nexus


Author Biography

Aaron Woland, CCIE No. 20113, is a Principal Engineer in Cisco’s Security Group and works with Cisco’s largest customers all over the world. His primary job responsibilities include Secure Access and Identity deployments with ISE, solution enhancements, standards development, Advanced Threat Security and solution futures. Aaron joined Cisco in 2005 and is currently a member of numerous security advisory boards and standards body working groups. Prior to joining Cisco, Aaron spent 12 years as a consultant and technical trainer. His areas of expertise include network and host security architecture and implementation, regulatory compliance, and route-switch and wireless.

Aaron is the author of many Cisco white papers and design guides and is co-author of CCNP Security SISAS 300-208 Official Cert Guide; Cisco Next-Generation Security Solutions: All-in-one Cisco ASA Firepower Services, NGIPS, and AMP; and CCNA Security 210-260 Complete Video Course.

Aaron is one of only five inaugural members of the Hall of Fame Elite for Distinguished Speakers at Cisco Live, and is a security columnist for Network World, where he blogs on all things related to secure network access. His other certifications include GHIC, GSEC, Certified Ethical Hacker, MCSE, VCP, CCSP, CCNP, CCDP, and many other industry certifications. You can follow Aaron on Twitter: @aaronwoland.

Jamey Heary, CCIE No. 7680, is a Distinguished Systems Engineer at Cisco Systems, where he leads the Global Security Architecture Team, GSAT. Jamey and his GSAT team work as trusted security advisors and architects to Cisco’s largest customers worldwide. Jamey sits on the PCI Security Standards Council’s Board of Advisors, where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. He also has a patent on a new DDoS mitigation and firewall IP reputation technique. Jamey blogged for many years on Network Worldon security topics and is a Cisco Live Distinguished Speaker. Jamey sits on numerous security advisory boards for Cisco Systems and was a founding member of several Cisco security customer user groups across the United States. His other certifications include CISSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 24 years and in IT security for 20 years. You can contact Jamey at jheary@appledreams.com.

Table of Contents

Section I:  Identity Enabled Network: Unite!
Chapter 1:  Fundamentals of AAA
Chapter 2:  The Evolution of Network Access (10pgs)
Chapter 3:  Introducing Cisco Secure Access and the Identity Services Engine (6pgs)


Section II:  The Blueprint, Designing an ISE Enabled Network – 30 Pages
Chapter 3:  What are the building blocks in ISE Design? (10pgs)
Chapter 4:  Making Sense of all the ISE Design Options (15pgs)
Chapter 5:  The Basics: Principal Configuration Tasks for ISE (30pgs)


Section III:  The Foundation, Building a Context-Aware Security Policy – 30 Pages 
Chapter 6:  Creating Authentication and Authorization Policies (10pgs)
Chapter 7:  Building a Device Security Policy (10pgs)
Chapter 8:  Building an Accounting and Audit Policy (10pgs)


Section IV:  Let's Configure! – 300 Pages
Chapter 9:  Profiling Basics and Initial Configuration (20 pgs)
Chapter 10:  Bootstrapping Network Access Devices (40pgs)
Chapter 11:  The Building Blocks:  Roles and Authorization Results (15pgs)
Chapter 12:  Authentication and Authorization Policies (30pgs)
Chapter 13:  Guest Lifecycle Management  (60pgs)
Chapter 14:  Device Posture Assessments (10pgs)
Chapter 15:  Supplicant Configuration (20pgs)
Chapter 16:  BYOD: Self Service Onboarding and Registration (40)
Chapter 17: Setting up a Distributed ISE Deployment (10 pgs)
Chapter 18: Remote Access VPN with ASA and Cisco ISE (15)
Chapter 19: Deploying in Phases (50pgs)


Section V:  Advanced Secure Access Features – 50 Pages
Chapter 20: Advanced Profiling Configuration (15pgs)
Chapter 21: Cisco TrustSec AKA:Security Group Access (25pgs)
Chapter 22: High Availability & Disaster Scenarios
Chapter 23: ISE Ecosystems: the platform exchange Grid (pxGrid)


Section VI:  Monitoring, Maintenance, and Troubleshooting for Network Access AAA – 50 Pages
Chapter 24:  Understanding Monitoring and Alerting (20pgs)
Chapter 25:  Troubleshooting (25pgs)
Chapter 26:  Backup, Upgrading (15pgs)


Section VII:  Device Administration – 100 Pages
Chapter 27:  Device Admin AAA Fundamentals & Design (20pgs)
Chapter 28:  Configuring Device Admin AAA with Cisco IOS (25pgs)
Chapter 29:  Configuring Device Admin AAA with Cisco WLC (25pgs)
Chapter 30:  Device Admin AAA with Cisco NX-OS (10pgs)
Chapter 31:  Device Admin AAA with Cisco FirePower Manager (15pgs)


Appendix A:  Sample User Community Deployment Messaging Material (7pgs)
Appendix B:  Sample ISE Deployment Project Plan (5pgs)
Appendix C:  Sample Switch Configurations

Rewards Program

Write a Review