Links & Notes
Instructor Note:
|
Labs
The Videos of the labs are based on the US GK labs built around V2.4 of ISE. In December of 2020 the labs were up graded to V2.7. This has meant that there are slight changes to the lab guide. Please use the on-line lab guide currently v3.0.3.
Lab 13 now has a bug that requires to use PEAP for BYOD and NOT TLS. Green Labs related to the course content (10 hours)
Red Labs Are additional non course related labs (8.25 hours) Lab 0: Remote Lab Environment12 mins
Lab 1: ISE Familiarisation and Certificate Usage49 mins
Lab 2: AD and ISS28 mins
Lab 3: Policy Sets, Conditions Studio and Network Devices53 mins
Lab 4: Passive Identity (Easy Connect)42 mins
Can be treated as an Optional Lab
HOWEVER !!!BE AWARE!!!! There is some configuration carried out in this lab that is required for future labs a) Move the Switch NAD from Location Test to HQ b) Create the Employee Authz Profile & Employee ACL Lab 5: 802.1x: Wired Networks PEAP20 mins
Some config from lab 4 required to do following labs
Lab 6: 802.1x: Wired Networks EAP-FAST45 mins
Lab 7: 802.1x Wireless Networks42 mins
Lab 8: 802.1x MAB14 mins
Lab 9: Central Web Auth58 mins
Notes:
a) Difficult to select the graphic for the heading for the mobile portal. Select a different one then reselect original b) As I did the lab from a pod reset, there is a not about some of the error messages not appearing when connecting to the Guest Wi-Fi Lab 10: Guest Access & Reports Part 118 mins
Lab 10: Guest Access & Reports Part 213 mins
No IPad required, Test is carried out on a BYOD Wireless PC.
I Recommend using Edge to test access as it is easier to accept certificate for portal than it is for Chrome, Lab 11: Endpoint Profiling and Reports43 mins
Return to the command
"show device-sensor cache all" It showed no output originally but on return there was output. Lab 12: BYOD and My Device Portal Pt122 mins
Notes:
a) use iseiscool.png logo not gk-logo.png (not available) b) Tried twice on GK-25 Delete mac from WLC and try again c) Had issues with BYOD provisioning Delete macs from WLC Try again No Need to trust the cert from data-srv d) Wait when registering stolen lost 2 minutes Lab 12: BYOD and My Device Portal Pt250 mins
Step 10.2 in the diagram the ACL has a typo and should NOT read BYOD_PROVISIONONG. The table is correct.
Update Dec 2020
Had an issue with Network Setup Assistant would with a Red cross at the end of the install. Message was "Secure Access Configuration & "Network Failed" It appears to be a certificate issue from the forums. This is a bug in the Ver 2.7 of the code, follow the new lab guide. Lab 13: Posture & Reports Pt157 mins
Notes
a) Keyboard # is \ shift # is | b) Posture Conditions need patience to be seen wait or refresh REFRESH REFRESH c) In Requirements use black arrow left of Edit to add a new rule d) Install OLD Version of Avast Lab 13: Posture & Reports Pt241 mins
Lab 14: Compliance-Based VPN Access29 mins
Notes:
a) ASA password is gklabs b) Logoff remote pc after checking Admin PC and live logs. There seems to be an issue with timing that is easiest done by re testing on remote PC Lab 15: TACACS+ Device Admin43 mins
Notes:
a) The "remove tacacs+ config" in notes is in the wrong folder should read WLC ie Desktop\ISE\WLC\remove TACACS from WLC.txt b) Also login to the WLC as it1 from quick connect in Secure CRT to delete config. Will not have the priveleges as Admin Lab 16: Additional Guest Scenarios as per the standard course Hotspot etc. See STD SISE course Lab 6:Lab 17: Posture Using Temporal Agent46 mins
Notes:
a) Login as admin to change the regedit values b) Install old version of Avast Lab 18:PxGrid Integration with Firepower Pt 143 mins
Notes:
a) Make sure that you do turn On & Off the VMs not easy to identify from graphic. You have to right click the icon to see the state. b) Patience required when joining the Grid from ISE GUI Refresh Refresh c) Easy to forget to ENABLE Realm d) The Cert name is FMC-pxGrid-Cert (Not clear in notes) e) tick the encrypt box when importing certificate f) The global Exception rule in ISE is "OR" not AND g) DONT Forget to Save cert config in FMC Lab 18: PxGrid Integration with Firepower Pt 244 mins
Lab 19: Trustsec Security Group Access1 Hour 10 Mins
Notes:
a) ASA needs PAC Keys manually imported b) The PAC keys for Switch automatically generated and read by the switch Lab 20: ISE Distributed Deploy Pt11 Hour 40 mins
Notes:
a) Need to power on the secondary node b) ntp server failed on setup 0.pool.ntp.org try 204.11.201.10 Did not work responded with N to re-install NTP c) After install NTP daemon not working so "no" it to delete and add it again. d) There was a warning when adding the ISE 2 just did it again e) with same credentials e) It takes time for the services to show not running f) There was a warning about VM license Lab 20: ISE Distributed Deploy Pt225 mins
Lab 21: PxGrid Integration Stealthwatch Pt11 Hour 33 mins
Notes:
a) Test clear auth sessions on the L3 switch b) interface g0/3 authentication order dot1x mab Quite a faf to get this working dot1x would not work but managed to prove the point using MAB Lab 21: PxGrid Integration Stealthwatch Pt226 mins
| ||||||||||||
