Who should attend
- Security architects
- Design engineers
- Network engineers
Prerequisites
To fully benefit from this course, you should have knowledge of these topics:
- Basic Cisco wireless LAN controllers
- Basic command-line configuration of Cisco Catalyst switches
Course Objectives
By completing this class, students will be able to:
- Set up and configure Cisco ISE – including certificate enrollment and RADIUS settings.
- Integrate Cisco ISE with Active Directory – enabling centralized identity management and policy enforcement.
- Implement 802.1X authentication policies for wired and wireless networks using Cisco ISE and network devices.
- Deploy Cisco IBNS 2.0 for enhanced security and automation in access control.
- Enable Guest Access using Cisco ISE’s Hotspot Portal for managed guest connectivity.
- Configure MAC Authentication Bypass (MAB) for non-802.1X capable devices.
- Monitor and troubleshoot network access with Cisco ISE’s diagnostic tools and session tracing.
- Plan and deploy an IBNS-based network, ensuring certificate-based authentication, policy sets, and secure access control.
- Implement advanced security mechanisms such as TLS and TEAP for wired and wireless authentication.
Detailed Course Outline
Module 1: Introduction to Cisco Identity-Based Networking Services (IBNS)
- Objective: Describe Cisco IBNS for providing access control to corporate networks.
- Overview of IBNS and its components.
- Role of IBNS in securing corporate networks.
- Use cases and benefits of IBNS deployment.
Module 2: Authentication Protocols and RADIUS Communication
- Objective: Describe Extensible Authentication Protocol (EAP) authentication types and methods, and the role of RADIUS in EAP communications.
- Introduction to EAP: Purpose and significance in secure network authentication.
- Types and methods of EAP:
  - EAP-TLS
  - EAP-PEAP
  - EAP-TEAP
- Role and functions of Certificates
- Role and functionality of RADIUS:
  - Authentication, Authorization, and Accounting (AAA).
  - Communication flow between endpoints, RADIUS server, and network devices.
Module 3: Configuring Cisco Network Devices for 802.1X Operation
- Objective: Describe how to configure Cisco Catalyst switches, Cisco Wireless LAN Controllers (WLCs), and Cisco ISE for 802.1X operation.
- Cisco Catalyst Switch Configuration:
  - Enabling 802.1X using IBNS1 and IBNS2 commands
  - Configuring authentication methods.
  - Integrating switches with Cisco ISE.
- Cisco Wireless LAN Controller Configuration:
  - Setting up 802.1X authentication on WLCs.
  - Configuring access policies for wireless networks.
- Cisco ISE Configuration:
  - Adding network devices to Cisco ISE.
  - Configuring authentication policies and profiles.
  - Testing and verifying 802.1X authentication.
- Objective: Describe how to configure access for non-supplicant devices in an 802.1X deployment.
- Understanding non-supplicant devices and challenges in securing them.
- Methods for securing non-supplicant device access:
  - MAC Authentication Bypass (MAB).
  - Web authentication (WebAuth).
- Best practices for managing non-supplicant devices in IBNS deployments.
Module 5: Post Deployment Monitoring and Troubleshooting
- Objective: Describe how to monitor and troubleshoot Cisco IBNS networks with Cisco ISE and 802.1X.
- Troubleshooting endpoint issues
- Troubleshooting network access device issues
Module 6: Planning and Deploying Cisco IBNS Networks
- Objective: Describe how to plan and deploy Cisco IBNS Networks with Cisco ISE and 802.1X.
- Planning Phase:
  - Assessing network infrastructure readiness.
  - Identifying key security requirements.
  - Designing authentication and authorization policies.
- Deployment Phase:
  - Step-by-step implementation of Cisco IBNS with Cisco ISE.
  - Deployment of 802.1X across wired and wireless networks.
  - Testing and troubleshooting the deployment.
- Post-Deployment:
  - Monitoring and maintaining IBNS environments.