Cisco DoD Comply-to-Connect (C2C)

What you'll learn

The Cisco DoD Comply-to-Connect (C2C) training teaches you how to implement and deploy a Department of Defense (DoD) Comply-to-Connect network architecture using Cisco Identity Services Engine (ISE). This training covers implementation of 802.1X for both wired and wireless devices and how Cisco ISE uses that information to apply policy control and enforcement. Additionally, other topics like supplicants, non-supplicants, ISE profiler, authentication, authorization, and accounting (AAA) and public key infrastructure (PKI) support, reporting and troubleshooting are covered. Finally, C2C specific use case scenarios are covered.

This training also earns you 32 Continuing Education (CE) credits towards recertification.

How you’ll benefit

This training will help you:

  • Learn how to operate, manage, configure, and troubleshoot the Cisco C2C solution
  • Gain an understanding of how the Cisco ISE security components relate to the C2C architecture
  • Earn 32 CE credits towards recertification

This training earns you 32 Continuing Education credits towards recertification.

Who should enroll

This training is a Department of Defense mandate, ensuring compliance with cybersecurity protocols and procedures.

Technology areas

Networking

Training overview

Objectives

  • Gain an understanding of C2C fundamentals and Cisco Identity-Based Networking Services
  • Configure devices and access for 802.1X operations
  • Learn about Cisco ISE architectures, policies, and troubleshooting
  • Explain tunnel-based extensible authentication protocol (TEAP) configuration and usage with C2C
  • Examine Cisco ISE integration with public key infrastructure (PKI)
  • Gain an understanding of Secure Client ISE features and configuration for C2C
  • Explore C2C access management, profiling best practices and reports, use cases, and call admission control (CAC) authentication
  • Learn about Cisco ISE profiler service, endpoint compliance, reporting, and hardening with federal information processing standard (FIPS) mode
  • Configure profilers to support custom endpoint attributes

Prerequisites

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are:

  • Internet web browser usability knowledge
  • Working knowledge of transmission control protocol/internet protocol (TCP/IP) networking
  • Familiarity with network management concepts such as simple network management protocol (SNMP), Syslog, and NetFlow

The following recommended Cisco offering may help you meet these prerequisites:

  • Implementing and Administering Cisco Solutions (CCNA)

Outline

  • Comply-to-Connect Fundamentals
  • Cisco Identity Based Networking Services
  • 802.1X Standard and EAP Authentication
  • Configure Devices for 802.1X Operations.
  • Configure Access for Non-802.1X Compliant Devices
  • Cisco ISE Architectures and C2C Deployment Options
  • Cisco ISE Policy Enforcement Components
  • Cisco ISE Policy Configuration
  • Troubleshooting Cisco ISE Policy and 3rd Party Support
  • Cisco ISE Policy Enforcement
  • Cisco ISE Profiler
  • MAC Authentication Bypass
  • Manual versus Group Policy Settings with TEAP
  • Explain TEAP configuration and usage with C2C
  • Cisco ISE integration with PKI Infrastructure
  • Understanding Secure Client ISE features and Configuration for C2C
  • Troubleshooting ISE Policy and Third-party NAD Support
  • Comply-to-Connect Access Management
  • Cisco ISE Profiler Service
  • Understanding Profiling with Change of Authorization (CoA)
  • Configure Profilers to support custom Endpoint Attributes
  • Comply-to-Connect Profiling Best Practices
  • Generating Comply-to-Connect Profiling Reports
  • Cisco ISE Endpoint Compliance
  • Comply-to-Connect Use Cases
  • Describe ISE Reporting
  • Describe ISE Hardening with FIPS Mode
  • Explain CAC Authentication with Comply-to-Connect

Lab outline

  • Configuring Devices for 802.1X Operation
  • Configuring Initial Cisco ISE Configuration and System Certificate Usage
  • Integrating Cisco ISE with Active Directory
  • Configuring Cisco ISE Policy for MAB
  • Configuring Cisco ISE for 802.1X
  • Configure Windows Native 802.1X supplicant with TEAP for ISE
  • Configuring Cisco Trustsec
  • Configuring ISE Profiling
  • Customizing the ISE Profiling Configuration
  • Create Cisco ISE Profiling Reports
  • Configuring Cisco ISE Compliance Services
  • Configure Client Provisioning
  • Configure Posture Policies
  • Test and Monitor Compliance-Based Access
  • Configure Cisco ISE for Basic Device Administration
  • Configure Cisco ISE Command Authorization
  • Configure Cisco CX ISE reporting tool to generate required C2C reports
  • Certificate-based Authentication for Cisco ISE Administration