” Quiz 93 Foundation Topics 97 Devices Without a Supplicant 97 MAC Authentication Bypass 98 Web Authentication 100 Local Web Authentication 101 Local Web Authentication with a Centralized Portal 102 Centralized Web Authentication 104 Remote Access Connections 106 Exam Preparation Tasks 107 Review All Key Topics 107 Define Key Terms 107 Chapter 6 Introduction to Advanced Concepts 109 “Do I Know This Already?” Quiz 109 Foundation Topics 113 Change of Authorization 113 Automating MAC Authentication Bypass 113 Posture Assessments 117 Mobile Device Managers 118 Exam Preparation Tasks 120 Review All Key Topics 120 Define Key Terms 120 Part III Cisco Identity Services Engine Chapter 7 Cisco Identity Services Engine Architecture 123 “Do I Know This Already?” Quiz 723 Foundation Topics 726 Logging 726 Live Log 726 Live Sessions Log 728 Logging and Remote Logging 729 Logging Targets 729 Logging Categories 730 Debug Logs 731 Downloading Debug Logs from the GUI 732 Viewing Log Files from the CLI 733 Support Bundles 734 Diagnostics Tools 735 Evaluate Configuration Validator 735 RADIUS Authentication Troubleshooting Tool 739 TCP Dump 741 Ensuring Live Log Displays All Events (Bypassing Suppression) 746 Disabling Suppression 747 Troubleshooting Outside of ISE 748 Endpoint Diagnostics 748 Any Connect Diagnostics and Reporting Tool 748 Any Connect NAM Extended Logging 751 Microsoft Native Supplicant 752 Supplicant Provisioning Logs 753 Network Device Troubleshooting 753 The Go-To: show authentication session interface 753 Viewing Client Details on the WLC 754 Debug Commands 755 Exam Preparation Tasks 756 Review All Key Topics 756 Part VII Final Preparation Chapter 23 Final Preparation 759 Advice About the Exam Event 759 Learning the Question Types Using the Cisco Certification Exam Tutorial 759 Thinking About Your Time Budget Versus Number of Questions 760 A Suggested Time-Check Method 761 Miscellaneous Pre-Exam Suggestions 762 Exam-Day Advice 762 Exam Review 763 Taking Practice Exams 763 Practicing Taking the SISAS Exam 764 Advice on How to Answer Exam Questions 765 Taking Other Practice Exams 766 Finding Knowledge Gaps Through Question Review 767 Other Study Tasks 769 Final Thoughts 770 Part VIII Appendixes Appendix A Answers to the “Do I Know This Already?” Quizzes 773 Appendix B Configuring the Microsoft CA for BYOD 795 CA Requirements 795 Other Useful Information 795 Microsoft Hotfixes 796 AD Account Roles 796 Configuration Steps 796 Installing the CA 796 Adding the Remaining Roles 804 Configuring the Certificate Template 809 Publishing the Certificate Template 814 Editing the Registry 816 Useful Links 819 Appendix C Using the Dogtag CA for BYOD 821 What Is Dogtag, and Why Use It?NET Framework 4.0 Client; Microsoft SQL Server Compact 4.0; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam CCNP Security SISAS 300-208 Official Cert Guide: Authentication Policies Download the sample pages (includes Chapter 10 and Index) Contents Introduction xxxi Part I The CCNP Certification Chapter 1 CCNP Security Certification 3 CCNP Security Certification Overview 3 Contents of the CCNP-Security SISAS Exam 4 How to Take the SISAS Exam 5 Who Should Take This Exam and Read This Book?6 Format of the CCNP-Security SISAS Exam 9 CCNP-Security SISAS 300-208 Official Certification Guide 10 Book Features and Exam Preparation Methods 13 Part II “The Triple A” (Authentication, Authorization, and Accounting) Chapter 2 Fundamentals of AAA 17 “Do I Know This Already?
” Quiz 53 Foundation Topics 56 Extensible Authentication Protocol 56 EAP over LAN (802.1X) 56 EAP Types 58 Native EAP Types (Nontunneled EAP) 58 Tunneled EAP Types 59 Summary of EAP Authentication Types 62 EAP Authentication Type Identity Store Comparison Chart 62 Network Access Devices 63 Supplicant Options 63 Windows Native Supplicant 64 Cisco Any Connect NAM Supplicant 75 EAP Chaining 89 Exam Preparation Tasks 90 Review All Key Topics 90 Define Key Terms 90 Chapter 5 Non-802.1X Authentications 93 “Do I Know This Already?” Quiz 261 Foundation Topics 265 Authentication Versus Authorization 265 Authorization Policies 265 Goals of Authorization Policies 265 Understanding Authorization Policies 266 Role-specific Authorization Rules 271 Authorization Policy Example 272 Employee Full Access Rule 272 Internet Only for Smart Devices 274 Employee Limited Access Rule 277 Saving Conditions for Reuse 279 Combining AND with OR Operators 281 Exam Preparation Tasks 287 Review All Key Topics 287 Define Key Terms 287 Part IV Implementing Secure Network Access Chapter 12 Implement Wired and Wireless Authentication 289 “Do I Know This Already? ” Quiz 341 Foundation Topics 345 Web Authentication Scenarios 345 Local Web Authentication 346 Centralized Web Authentication 346 Device Registration Web Auth 349 Configuring Centralized Web Authentication 350 Cisco Switch Configuration 350 Configuring Certificates on the Switch 350 Enabling the Switch HTTP/HTTPS Server 350 Verifying the URL-Redirection ACL 351 Cisco WLC Configuration 352 Validating That MAC Filtering Is Enabled on the WLAN 352 Validating That Radius NAC Is Enabled on the WLAN 352 Validate That the URL-Redirection ACL Is Configured 353 Captive Portal Bypass 354 Configuring ISE for Centralized Web Authentication 355 Configuring MAB for the Authentication 355 Configuring the Web Authentication Identity Source Sequence 356 Configuring a d ACL for Pre-Web Auth Authorization 357 Configuring an Authorization Profile 359 Building CWA Authorization Policies 360 Creating the Rule to Redirect to CWA 360 Creating the Rules to Authorize Users Who Authenticate via CWA 361 Creating the Guest Rule 361 Creating the Employee Rule 362 Configuring Device Registration Web Authentication 363 Creating the Endpoint Identity Group 363 Creating the DRW Portal 364 Creating the Authorization Profile 365 Creating the Rule to Redirect to DRW 367 Creating the Rule to Authorize DRW-Registered Endpoints 368 Verifying Centralized Web Authentication 369 Checking the Experience from the Client 369 Checking on ISE 372 Checking the Live Log 372 Checking the Endpoint Identity Group 373 Checking the NAD 374 show Commands on the Wired Switch 374 Viewing the Client Details on the WLC 375 Exam Preparation Tasks 377 Review All Key Topics 377 Chapter 14 Deploying Guest Services 379 “Do I Know This Already?” Quiz 290 Foundation Topics 293 Authentication Configuration on Wired Switches 293 Global Configuration AAA Commands 293 Global Configuration RADIUS Commands 294 IOS 12.2. ” Quiz 379 Foundation Topics 383 Guest Services Overview 383 Guest Services and Web Auth 383 Portal Types 384 Configuring the Web Portal Settings 389 Port Numbers 390 Interfaces 391 Friendly Names 391 Configuring the Sponsor Portal Policies 392 Sponsor Types 393 Mapping Groups 396 Guest User Types 398 Managing Guest Portals 398 Portal Types 399 Building Guest Authorization Policies 400 Provisioning Guest Accounts from a Sponsor Portal 416 Individual 416 Random 417 Import 418 Verifying Guest Access on the WLC/Switch 419 WLC 419 Exam Preparation Tasks 439 Review All Key Topics 439 Define Key Terms 439 Chapter 15 Profiling 441 “Do I Know This Already?This complete study package includes Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this official study guide helps you master the concepts and techniques that ensure your exam success. His primary job responsibilities include Secure Access and Identity deployments with ISE, solution enhancements, standards development, and futures.Aaron is the author of Cisco ISE for BYOD and Secure Unified Access (Cisco Press) and many published white papers and design guides.” Quiz 123 Foundation Topics 127 What Is Cisco ISE?