Blog

IP and Mobile Trends and Education

 

Workshop: Cisco ISE & Enterprise BGP

Author:


21.07.2017

Cisco ISE Internet Edge Bgp Bootcamp

 

Technology combined training.

We are announcing the Cisco ISE & Internet Edge 4 Days accelerated workshop. This is one-time training & the only one in the market. This is combined training for those who want to improve Cisco ISE troubleshooting and configuration skills as well as get familiar with BGP routing for Enterprise WAN & Internet Edge. While it might seem that we are mixing the security & RS areas, we receive many requests from industry regarding combined technology training. Why they ask about such apporach? Many enterprise network administrators face the wide scope of technology in everyday work covering Routing, Siwtching, LAN Security, VPN, WAN, Internet Edge thus spending 4 – 5 Days of training on only one product or technology area could be not affordable in terms of time and bugdet. Providing accelareated Cisco ISE & Enterprise BGP we cover many necessary aspects of Infrastructure access and BGP routing subjects.

What you will learn and lab during these 4 intensive days?

ISE SCOPE:

  • ISE as a part of Cisco TrustSec
  • ISE Architecture: nodes, functions, personas
  • Deployment options
  • Scaling Cisco ISE, resources estimation

 

  • NAD, client and ISE traffic flow
  • 802.1X concepts (EAP protocols)
  • Cisco Switch configuration as a NAD
  • Cisco WLC configuration as a NAD
  • Cisco ASA configuration as a NAD
  • Testing ISE and NAD connections

 

  • Cisco ISE authentication process (AuthC)
  • Authentication Conditions
  • Authentication Profiles
  • Internal and External Identity Sources
  • Identity Sources Sequences
  • Cisco ISE authorization process (AuthZ)
  • Authorization Conditions
  • Authorization Profiles

 

  • Guest access design (PSN behavior, session stickiness, certificates)
  • Guest portal configuration
  • Authentication and Authorization
  • Identity source sequence and authentication options
  • Sponsor Portal
  • Sponsor Authentication Sequence
  • Sponsor role based operations

 

  • Configuring profiling service
  • Verify profiling
  • Dual and Single SSID provisioning
  • On-boarding behavior setup
  • Certificate profiles preparation
  • Onboarding verification

 

BGP SCOPE:

BGP Overview

  • BGP protocol
  • Applications – Service Provider, Enterprise environments
  • Architecture – Autonomous System, BGP Policy Engines
  • iBGP and eBGP comparison and behavior, timers
  • Control Plane and Forwarding Plane
  • The BGP RIP, IP RIB, FIB roles
  • BGP Attributes
  • Path decision process
  • BGP session establishment and capabilities (MP-BGP)

 

Lab Topology overview

  • Physical and logical topology description

 

Basic topology setup 

  • LAB1: Sites addressing, interfaces setup
  • LAB2: BGP basic configuration and session establishment
  • LAB3: Prefix exchange, IP RIB, BGP RIB, FIB
  • LAB4: BGP Attributes review, Next Hop verification

 

Policy control techniques

  • Policy control usage – Filter lists
  • Prefix lists
  • LAB 5: Prefix list configuration
  • AS_PATH lists
  • LAB 6: AS_PATH list configuration
  • Community lists
  • LAB 7: AS_PATH list configuration
  • Route Maps
  • LAB 8: Route Maps configuration
  • Policy Lists
  • LAB 9: Policy lists configuration
  • BGP filtering process order
  • LAB 10: Scenario 1 – basic outbound and inbound filtering task

 

BGP – IGP interaction

  • Need for IGP and BGP exchange
  • Redistribute and network commands behavior
  • LAB 11: Configuring basic OSPF and route redistribution between processes

 

BGP in Enterprise Internet Edge

  • Internet connectivity in Enterprise, why BGP?
  • Default or Full Feed, memory estimation
  • Multihoming
  • Stub Multihoming single and multiple Border Routers
  • Standard Multihoming
  • LAB 12: Multihomed network setup
  • Inbound filtering best practice
  • Outbound filtering best practice
  • LAB 13: Filtering in Multihomed Network
  • Load Balancing
  • LAB 14: Load Balancing configuration
  • eBGP Multihop solution
  • LAB 15: Multhihop session configuration
  • Securing BGP sessions
  • LAB 16: Session security session configuration
  • LAB 17: BGP on the edge troubleshooting and task solving

 

Who will lead the  Cisco ISE training?

Training will be conducted by Marcin Biały , passionate instructor, engineer and architect who has over 12 large scale and several smaller projects implementations of Cisco ISE from (1.1 to 2.2) and used to work with biggest service providers and enterprise customers building BGP based architectures. Marcin helps organisations of various sizes to harden, transform and build scalable efficient enterprise networks.

Author

Marcin Bialy

Marcin Biały is Network and Security Architect with over 12 years of experience, with Service Provider and Enterprise networking background. He used to work for large service providers, global vendors and integration services companies as Network Architect, Leading Architect and Techincal Solution Manager positions. He designed, implemented and supported dozens large scale projects and infrastructure migrations, solved hundreds of tickets and spent hours with CLI and GUI of many flavors. Marcin is also holding industry recognizable certificates such as CCNP, CCNA, CCSI #35269, FCNSP #7207, FCNSA and more.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code


 

Newsletter