Links & Notes
The videos of the labs are based on the US GK labs built around V2.4 of ISE. In December of 2020 the labs were upgraded to V2.7. This has meant that there are slight changes to the lab guide. Please use the online lab guide, currently v3.0.3.
Lab 13 now has a bug that requires you to use PEAP for BYOD and NOT TLS.
Green labs are related to the course content (10 hours)
Red labs are additional, non-course-related labs (8.25 hours)
Lab 0: Remote Lab Environment
Lab 1: ISE Familiarisation and Certificate Usage
Lab 2: AD and ISS
Lab 3: Policy Sets, Conditions Studio and Network Devices
Lab 4: Passive Identity (Easy Connect)
Can be treated as an Optional Lab
!!!BE AWARE!!!! There is some configuration carried out in this lab that is required for future labs
a) Move the Switch NAD from Location Test to HQ
b) Create the Employee Authz Profile & Employee ACL
Lab 5: 802.1x: Wired Networks PEAP
Some config from Lab 4 is required to do the following labs
Lab 6: 802.1x: Wired Networks EAP-FAST
Lab 7: 802.1x Wireless Networks
Lab 8: 802.1x MAB
Lab 9: Central Web Auth
a) Difficult to select the graphic for the heading for the mobile portal. Select a different one then reselect original
b) As I did the lab from a pod reset, there is a note about some of the error messages not appearing when connecting to the Guest Wi-Fi
Lab 10: Guest Access & Reports Part 1
Lab 10: Guest Access & Reports Part 2
No iPad required; the test is carried out on a BYOD wireless PC.
I recommend using Edge to test access, as it is easier to accept the certificate for the portal than it is in Chrome.
Lab 11: Endpoint Profiling and Reports
Return to the command
"show device-sensor cache all"
It showed no output originally but on return there was output.
Lab 12: BYOD and My Device Portal Pt1
a) use iseiscool.png logo not gk-logo.png (not available)
b) Tried twice on GK-25
Delete mac from WLC and try again
c) Had issues with BYOD provisioning
Delete macs from WLC
No Need to trust the cert from data-srv
d) When registering a device as stolen/lost, wait 2 minutes
Lab 12: BYOD and My Device Portal Pt2
Step 10.2: in the diagram the ACL has a typo and should NOT read BYOD_PROVISIONONG. The table is correct.
Update Dec 2020
Had an issue with Network Setup Assistant showing a red cross at the end of the install.
"Secure Access Configuration" & "Network Failed". From the forums, it appears to be a certificate issue.
This is a bug in Ver 2.7 of the code; follow the new lab guide.
Lab 13: Posture & Reports Pt1
a) Keyboard # is \ shift # is |
b) Posture Conditions need patience to be seen; wait or refresh
c) In Requirements use black arrow left of Edit to add a new rule
d) Install OLD Version of Avast
Lab 13: Posture & Reports Pt2
Lab 14: Compliance-Based VPN Access
a) ASA password is gklabs
b) Log off the remote PC after checking the Admin PC and live logs.
There seems to be an issue with timing that is easiest dealt with by retesting on the remote PC
Lab 15: TACACS+ Device Admin
a) The "remove tacacs+ config" in notes is in the wrong folder; it should read WLC
Desktop\ISE\WLC\remove TACACS from WLC.txt
b) Also log in to the WLC as it1 from Quick Connect in SecureCRT to delete the config. Will not have the privileges as Admin
Lab 16: Additional Guest Scenarios as per the standard course Hotspot etc. See STD SISE course Lab 6:
Lab 17: Posture Using Temporal Agent
a) Login as admin to change the regedit values
b) Install old version of Avast
Lab 18: PxGrid Integration with Firepower Pt 1
a) Make sure that you do turn the VMs on & off; their state is not easy to identify from the graphic. You have to right-click the icon to see the state.
b) Patience required when joining the Grid from ISE GUI
c) Easy to forget to ENABLE Realm
d) The Cert name is FMC-pxGrid-Cert (Not clear in notes)
e) Tick the encrypt box when importing the certificate
f) The global Exception rule in ISE is "OR" not AND
g) DON'T forget to save the cert config in FMC
Lab 18: PxGrid Integration with Firepower Pt 2
Lab 19: TrustSec Security Group Access
1 Hour 10 Mins
a) ASA needs PAC Keys manually imported
b) The PAC keys for the switch are automatically generated and read by the switch
Lab 20: ISE Distributed Deploy Pt1
1 Hour 40 mins
a) Need to power on the secondary node
b) NTP server failed on setup
Did not work; responded with N to re-install NTP
c) After install, NTP daemon was not working, so "no" it to delete it and add it again.
d) There was a warning when adding ISE 2; just did it again with the same credentials
e) It takes time for the services to show not running
f) There was a warning about VM license
Lab 20: ISE Distributed Deploy Pt2
Lab 21: PxGrid Integration Stealthwatch Pt1
1 Hour 33 mins
a) Test clear auth sessions on the L3 switch
b) interface g0/3 authentication order dot1x mab
Quite a faff to get this working; dot1x would not work, but managed to prove the point using MAB
Lab 21: PxGrid Integration Stealthwatch Pt2