CCNP Security SISAS 300-208 Official Cert Guide
- By Aaron Woland, Kevin Redmon
- Published Aug 14, 2019 by Cisco Press. Part of the Certification Guide series.
Book
- Sorry, this book is no longer in print.
Features
- Assessment, review, and practice for the CCNP Security SISAS exam (Implementing Cisco Secure Access Solutions), fully updated to align to the new exam objectives
- Book and CD are packed with features to help candidates master more difficult testing methods on the actual exams
- Practice tests contain exam-realistic questions that closely mimic the difficulty of the actual exam
- In-depth expert explanations of all protocols, commands, and technologies on the new cert exam
- Copyright 2015
- Dimensions: 7-3/8" x 9-1/8"
- Pages: 928
- Edition: 1st
- Book
- ISBN-10: 1-58714-426-3
- ISBN-13: 978-1-58714-426-4
CCNP Security SISAS 300-208 Official Cert Guide
CCNP Security SISAS 300-208 Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Cisco security experts Aaron Woland and Kevin Redmon share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.
This complete study package includes
- A test-preparation routine proven to help you pass the exam
- “Do I Know This Already?” quizzes, which enable you to decide how much time you need to spend on each section
- The powerful Pearson IT Certification Practice Testsoftware, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
- A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
- Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, video instruction, and hands-on labs, this official study guide helps you master the concepts and techniques that ensure your exam success.
Aaron T. Woland, CCIE No. 20113, is a Principal Engineer and works with the largest Cisco customers all over the world. His primary job responsibilities include Secure Access and Identity deployments with ISE, solution enhancements, standards development, and futures. Aaron is the author of Cisco ISE for BYOD and Secure Unified Access (Cisco Press) and many published white papers and design guides. He is one of the first six members of the Hall of Fame for Distinguished Speakers at Cisco Live, and is a security columnist for Network World, where he blogs on all things related to Identity.
Kevin Redmon is a Systems Test Engineer with the Cisco IoT Vertical Solutions Group, specializing in all things security. Previously with the Cisco Systems Development Unit, Kevin supported several iterations of the Cisco Validated Design Guide for BYOD and is the author of Cisco Bring Your Own Device (BYOD) Networking Live Lessons (Cisco Press). Since joining Cisco in October 2000, he has worked closely with several Cisco design organizations, and as Firewall/VPN Customer Support Engineer with the Cisco Technical Assistance Center (TAC). He holds several Cisco certifications and has an issued patent with the U.S. Patent and Trademark Office.
The official study guide helps you master topics on the CCNP Security SISAS 300-208 exam, including the following:
- Identity management/secure access
- Threat defense
- Troubleshooting, monitoring and reporting tools
- Threat defense architectures
- Identity management architectures
The CD contains 150 practice questions for the
The exciting new CCNP Security SISAS 300-208 Official Cert Guide Premium Edition and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:
- The CCNP Security SISAS 300-208 Official Cert Guide Premium Edition and Practice Test, including four complete practice exams and enhanced practice test features
- PDF and EPUB formats of the CCNP Security SISAS 300-208 Official Cert Guidefrom Cisco Press, which are accessible via your PC, tablet, and Smartphone
About the Premium Edition Practice Test
This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with four complete practice exams. This integrated learning package:
- Allows you to focus on individual topic areas or take complete, timed exams
- Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
- Provides unique sets of exam-realistic practice questions
- Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most
Pearson IT Certification Practice Test minimum system requirements:
Windows XP (SP3), Windows Vista (SP2), or Windows 7;
Microsoft .NET Framework 4.0 Client;
Microsoft SQL Server Compact 4.0;
Pentium class 1GHz processor (or equivalent);
512 MB RAM;
650 MB disc space plus 50 MB for each downloaded practice exam
Online Sample Chapter
CCNP Security SISAS 300-208 Official Cert Guide: Authentication Policies
Sample Pages
Download the sample pages (includes Chapter 10 and Index)
Table of Contents
Contents
Introduction xxxi
Part I The CCNP Certification
Chapter 1 CCNP Security Certification 3
CCNP Security Certification Overview 3
Contents of the CCNP-Security SISAS Exam 4
How to Take the SISAS Exam 5
Who Should Take This Exam and Read This Book? 6
Format of the CCNP-Security SISAS Exam 9
CCNP-Security SISAS 300-208 Official Certification Guide 10
Book Features and Exam Preparation Methods 13
Part II “The Triple A” (Authentication, Authorization, and Accounting)
Chapter 2 Fundamentals of AAA 17
“Do I Know This Already?” Quiz 18
Foundation Topics 21
Triple-A 21
Compare and Select AAA Options 21
Device Administration 21
Network Access 22
TACACS+ 23
TACACS+ Authentication Messages 25
TACACS+ Authorization and Accounting Messages 26
RADIUS 28
AV-Pairs 31
Change of Authorization 31
Comparing RADIUS and TACACS+ 32
Exam Preparation Tasks 33
Review All Key Topics 33
Define Key Terms 33
Chapter 3 Identity Management 35
“Do I Know This Already?” Quiz 35
Foundation Topics 38
What Is an Identity? 38
Identity Stores 38
Internal Identity Stores 39
External Identity Stores 41
Active Directory 42
LDAP 42
Two-Factor Authentication 43
One-Time Password Services 44
Smart Cards 45
Certificate Authorities 46
Has the Certificate Expired? 47
Has the Certificate Been Revoked? 48
Exam Preparation Tasks 51
Review All Key Topics 51
Define Key Terms 51
Chapter 4 EAP Over LAN (Also Known As 802.1X) 53
“Do I Know This Already?” Quiz 53
Foundation Topics 56
Extensible Authentication Protocol 56
EAP over LAN (802.1X) 56
EAP Types 58
Native EAP Types (Nontunneled EAP) 58
Tunneled EAP Types 59
Summary of EAP Authentication Types 62
EAP Authentication Type Identity Store Comparison Chart 62
Network Access Devices 63
Supplicant Options 63
Windows Native Supplicant 64
Cisco AnyConnect NAM Supplicant 75
EAP Chaining 89
Exam Preparation Tasks 90
Review All Key Topics 90
Define Key Terms 90
Chapter 5 Non-802.1X Authentications 93
“Do I Know This Already?” Quiz 93
Foundation Topics 97
Devices Without a Supplicant 97
MAC Authentication Bypass 98
Web Authentication 100
Local Web Authentication 101
Local Web Authentication with a Centralized Portal 102
Centralized Web Authentication 104
Remote Access Connections 106
Exam Preparation Tasks 107
Review All Key Topics 107
Define Key Terms 107
Chapter 6 Introduction to Advanced Concepts 109
“Do I Know This Already?” Quiz 109
Foundation Topics 113
Change of Authorization 113
Automating MAC Authentication Bypass 113
Posture Assessments 117
Mobile Device Managers 118
Exam Preparation Tasks 120
Review All Key Topics 120
Define Key Terms 120
Part III Cisco Identity Services Engine
Chapter 7 Cisco Identity Services Engine Architecture 123
“Do I Know This Already?” Quiz 123
Foundation Topics 127
What Is Cisco ISE? 127
Personas 129
Administration Node 129
Policy Service Node 129
Monitoring and Troubleshooting Node 130
Inline Posture Node 130
Physical or Virtual Appliance 131
ISE Deployment Scenarios 133
Single-Node Deployment 133
Two-Node Deployment 135
Four-Node Deployment 136
Fully Distributed Deployment 137
Communication Between Nodes 138
Exam Preparation Tasks 148
Review All Key Topics 148
Define Key Terms 148
Chapter 8 A Guided Tour of the Cisco ISE Graphical User Interface 151
“Do I Know This Already?” Quiz 151
Foundation Topics 155
Logging In to ISE 155
Initial Login 155
Administration Dashboard 161
Administration Home Page 162
Server Information 162
Setup Assistant 163
Help 163
Organization of the ISE GUI 164
Operations 165
Authentications 165
Reports 169
Endpoint Protection Service 170
Troubleshoot 171
Policy 173
Authentication 173
Authorization 173
Profiling 174
Posture 175
Client Provisioning 175
Security Group Access 176
Policy Elements 177
Administration 178
System 178
Identity Management 183
Network Resources 186
Web Portal Management 189
Feed Service 191
Type of Policies in ISE 192
Authentication 192
Authorization 193
Profiling 193
Posture 193
Client Provisioning 193
Security Group Access 193
Exam Preparation Tasks 195
Review All Key Topics 195
Define Key Terms 195
Chapter 9 Initial Configuration of Cisco ISE 197
“Do I Know This Already?” Quiz 197
Foundation Topics 201
Cisco Identity Services Engine Form Factors 201
Bootstrapping Cisco ISE 201
Where Are Certificates Used with the Cisco Identity Services Engine? 204
Self-Signed Certificates 206
CA-Signed Certificates 206
Network Devices 216
Network Device Groups 216
Network Access Devices 217
Local User Identity Groups 218
Local Endpoint Groups 219
Local Users 220
External Identity Stores 220
Active Directory 221
Prerequisites for Joining an Active Directory Domain 221
Joining an Active Directory Domain 222
Certificate Authentication Profile 226
Identity Source Sequences 227
Exam Preparation Tasks 230
Review All Key Topics 230
Chapter 10 Authentication Policies 233
“Do I Know This Already?” Quiz 233
Foundation Topics 237
The Relationship Between Authentication and Authorization 237
Authentication Policy 237
Goals of an Authentication Policy 238
Goal 1–Accept Only Allowed Protocols 238
Goal 2–Select the Correct Identity Store 238
Goal 3–Validate the Identity 239
Goal 4–Pass the Request to the Authorization Policy 239
Understanding Authentication Policies 239
Conditions 241
Allowed Protocols 243
Extensible Authentication Protocol Types 245
Tunneled EAP Types 245
Identity Store 247
Options 247
Common Authentication Policy Examples 248
Using the Wireless SSID 248
Remote Access VPN 251
Alternative ID Stores Based on EAP Type 253
More on MAB 255
Restore the Authentication Policy 257
Exam Preparation Tasks 258
Review All Key Topics 258
Chapter 11 Authorization Policies 261
“Do I Know This Already?” Quiz 261
Foundation Topics 265
Authentication Versus Authorization 265
Authorization Policies 265
Goals of Authorization Policies 265
Understanding Authorization Policies 266
Role-specific Authorization Rules 271
Authorization Policy Example 272
Employee Full Access Rule 272
Internet Only for Smart Devices 274
Employee Limited Access Rule 277
Saving Conditions for Reuse 279
Combining AND with OR Operators 281
Exam Preparation Tasks 287
Review All Key Topics 287
Define Key Terms 287
Part IV Implementing Secure Network Access
Chapter 12 Implement Wired and Wireless Authentication 289
“Do I Know This Already?” Quiz 290
Foundation Topics 293
Authentication Configuration on Wired Switches 293
Global Configuration AAA Commands 293
Global Configuration RADIUS Commands 294
IOS 12.2.X 294
IOS 15.X 295
Both IOS 12.2.X and 15.X 296
Global 802.1X Commands 297
Creating Local Access Control Lists 297
Interface Configuration Settings for All Cisco Switches 298
Configuring Interfaces as Switchports 299
Configuring Flexible Authentication and High Availability 299
Host Mode of the Switchport 302
Configuring Authentication Settings 303
Configuring Authentication Timers 305
Applying the Initial ACL to the Port and Enabling Authentication 305
Authentication Configuration on WLCs 306
Configuring the AAA Servers 306
Adding the RADIUS Authentication Servers 306
Adding the RADIUS Accounting Servers 308
Configuring RADIUS Fallback (High-Availability) 309
Configuring the Airespace ACLs 310
Creating the Web Authentication Redirection ACL 310
Creating the Posture Agent Redirection ACL 313
Creating the Dynamic Interfaces for the Client VLANs 315
Creating the Guest Dynamic Interface 317
Creating the Wireless LANs 318
Creating the Guest WLAN 319
Creating the Corporate SSID 324
Verifying Dot1X and MAB 329
Endpoint Supplicant Verification 329
Network Access Device Verification 329
Verifying Authentications with Cisco Switches 329
Sending Syslog to ISE 332
Verifying Authentications with Cisco WLCs 334
Cisco ISE Verification 336
Live Authentications Log 336
Live Sessions Log 337
Looking Forward 338
Exam Preparation Tasks 339
Review All Key Topics 339
Define Key Terms 339
Chapter 13 Web Authentication 341
“Do I Know This Already?” Quiz 341
Foundation Topics 345
Web Authentication Scenarios 345
Local Web Authentication 346
Centralized Web Authentication 346
Device Registration WebAuth 349
Configuring Centralized Web Authentication 350
Cisco Switch Configuration 350
Configuring Certificates on the Switch 350
Enabling the Switch HTTP/HTTPS Server 350
Verifying the URL-Redirection ACL 351
Cisco WLC Configuration 352
Validating That MAC Filtering Is Enabled on the WLAN 352
Validating That Radius NAC Is Enabled on the WLAN 352
Validate That the URL-Redirection ACL Is Configured 353
Captive Portal Bypass 354
Configuring ISE for Centralized Web Authentication 355
Configuring MAB for the Authentication 355
Configuring the Web Authentication Identity Source Sequence 356
Configuring a dACL for Pre-WebAuth Authorization 357
Configuring an Authorization Profile 359
Building CWA Authorization Policies 360
Creating the Rule to Redirect to CWA 360
Creating the Rules to Authorize Users Who Authenticate via CWA 361
Creating the Guest Rule 361
Creating the Employee Rule 362
Configuring Device Registration Web Authentication 363
Creating the Endpoint Identity Group 363
Creating the DRW Portal 364
Creating the Authorization Profile 365
Creating the Rule to Redirect to DRW 367
Creating the Rule to Authorize DRW-Registered Endpoints 368
Verifying Centralized Web Authentication 369
Checking the Experience from the Client 369
Checking on ISE 372
Checking the Live Log 372
Checking the Endpoint Identity Group 373
Checking the NAD 374
show Commands on the Wired Switch 374
Viewing the Client Details on the WLC 375
Exam Preparation Tasks 377
Review All Key Topics 377
Chapter 14 Deploying Guest Services 379
“Do I Know This Already?” Quiz 379
Foundation Topics 383
Guest Services Overview 383
Guest Services and WebAuth 383
Portal Types 384
Configuring the Web Portal Settings 389
Port Numbers 390
Interfaces 391
Friendly Names 391
Configuring the Sponsor Portal Policies 392
Sponsor Types 393
Mapping Groups 396
Guest User Types 398
Managing Guest Portals 398
Portal Types 399
Building Guest Authorization Policies 400
Provisioning Guest Accounts from a Sponsor Portal 416
Individual 416
Random 417
Import 418
Verifying Guest Access on the WLC/Switch 419
WLC 419
Exam Preparation Tasks 439
Review All Key Topics 439
Define Key Terms 439
Chapter 15 Profiling 441
“Do I Know This Already?” Quiz 441
Foundation Topics 445
ISE Profiler 445
Cisco ISE Probes 447
Probe Configuration 447
DHCP and DHCPSPAN 449
RADIUS 452
Network Scan 453
DNS 454
SNMPQUERY and SNMPTRAP 455
NETFLOW 457
HTTP Probe 457
HTTP Profiling Without Probes 459
Infrastructure Configuration 459
DHCP Helper 459
SPAN Configuration 460
VLAN Access Control Lists 461
Device Sensor 462
VMware Configurations to Allow Promiscuous Mode 463
Profiling Policies 464
Profiler Feed Service 464
Configuring the Profiler Feed Service 465
Verifying the Profiler Feed Service 465
Endpoint Profile Policies 467
Logical Profiles 478
ISE Profiler and CoA 478
Global CoA 479
Per-profile CoA 480
Global Profiler Settings 481
Endpoint Attribute Filtering 482
Profiles in Authorization Policies 482
Endpoint Identity Groups 483
EndPoint Policy 486
Verify Profiling 486
The Dashboard 486
Endpoints Drill-down 487
Global Search 488
Endpoint Identities 489
Device Sensor Show Commands 491
Exam Preparation Tasks 492
Review All Key Topics 492
Part V Advanced Secure Network Access
Chapter 16 Certificate-Based User Authentications 495
“Do I Know This Already?” Quiz 495
Foundation Topics 499
Certificate Authentication Primer 499
Determine Whether a Trusted Authority Has Signed the Digital Certificate 499
Examine Both the Start and End Dates to Determine Whether the Certificate Has Expired 501
Verify Whether the Certificate Has Been Revoked 502
Validate That the Client Has Provided Proof of Possession 504
A Common Misconception About Active Directory 505
EAP-TLS 506
Configuring ISE for Certificate-Based Authentications 506
Validate Allowed Protocols 507
Certificate Authentication Profile 508
Verify That the Authentication Policy Is Using CAP 509
Authorization Policies 511
Ensuring the Client Certificates Are Trusted 512
Importing the Certificate Authority’s Public Certificate 513
Configuring Certificate Status Verification (optional) 515
Verifying Certificate Authentications 516
Exam Preparation Tasks 520
Review All Key Topics 520
Define Key Terms 520
Chapter 17 Bring Your Own Device 523
“Do I Know This Already?” Quiz 524
Foundation Topics 528
BYOD Challenges 528
Onboarding Process 529
BYOD Onboarding 529
Dual SSID 530
Single SSID 531
Configuring NADs for Onboarding 532
Configuring the WLC for Dual-SSID Onboarding 532
Reviewing the WLAN Configuration 532
Verifying the Required ACLs 535
ISE Configuration for Onboarding 538
The End User Experience 539
Single-SSID with Apple iOS Example 539
Dual SSID with Android Example 549
Unsupported Mobile Device–Blackberry Example 555
Configuring ISE for Onboarding 557
Creating the Native Supplicant Profile 557
Configuring the Client Provisioning Policy 559
Configuring the WebAuth 561
Verifying Default Unavailable Client Provisioning Policy Action 562
Creating the Authorization Profiles 563
Creating the Authorization Rules for Onboarding 565
Creating the Authorization Rules for the EAP-TLS Authentications 566
Configuring SCEP 567
BYOD Onboarding Process Detailed 570
iOS Onboarding Flow 570
Phase 1: Device Registration 570
Phase 2: Device Enrollment 571
Phase 3: Device Provisioning 572
Android Flow 573
Phase 1: Device Registration 573
Phase 2: Download SPW 575
Phase 3: Device Provisioning 576
Windows and Mac OSX Flow 577
Phase 1: Device Registration 578
Phase 2: Device Provisioning 579
Verifying BYOD Flows 581
Live Log 581
Reports 581
Identities 582
MDM Onboarding 583
Integration Points 583
Configuring MDM Integration 584
Configuring MDM Onboarding Rules 586
Creating the Authorization Profile 586
Creating the Authorization Rules 588
Managing Endpoints 590
Self Management 590
Administrative Management 593
The Opposite of BYOD: Identify Corporate Systems 593
Exam Preparation Tasks 595
Review All Key Topics 595
Define Key Terms 595
Chapter 18 TrustSec and MACSec 597
“Do I Know This Already?” Quiz 597
Foundation Topics 601
Ingress Access Control Challenges 601
VLAN Assignment 601
Ingress Access Control Lists 603
What Is TrustSec? 605
What Is a Security Group Tag? 606
Defining the SGTs 607
Classification 609
Dynamically Assigning SGT via 802.1X 610
Manually Assigning SGT at the Port 611
Manually Binding IP Addresses to SGTs 611
Access Layer Devices That Do Not Support SGTs 612
Mapping a Subnet to an SGT 613
Mapping a VLAN to an SGT 613
Transport: Security Group Exchange Protocol 613
SXP Design 614
Configuring SXP on IOS Devices 615
Configuring SXP on Wireless LAN Controllers 617
Configuring SXP on Cisco ASA 619
Verifying SXP Connections in ASDM 620
Transport: Native Tagging 621
Configuring Native SGT Propagation (Tagging) 622
Configuring SGT Propagation on Cisco IOS Switches 623
Configuring SGT Propagation on a Catalyst 6500 625
Configuring SGT Propagation on a Nexus Series Switch 627
Enforcement 628
SGACL 629
Security Group Firewalls 631
Security Group Firewall on the ASA 632
Security Group Firewall on the ISR and ASR 632
MACSec 632
Downlink MACSec 634
Switch Configuration Modes 636
ISE Configuration 637
Uplink MACSec 638
Manually Configuring Uplink MACSec 638
Verifying the Manual Configuration 640
Exam Preparation Tasks 642
Review All Key Topics 642
Define Key Terms 642
Chapter 19 Posture Assessment 645
“Do I Know This Already?” Quiz 645
Foundation Topics 648
Posture Service Overview 648
Posture Flow 649
Agent Types 650
Posture Conditions 652
CoA with Posture 654
Configuring Posture 655
Downloading CPP Resources 656
Client Provisioning Policy 657
Posture Policy Building Blocks 658
Condition 659
Remediation 661
Requirement 662
Modifying the Authorization Policy for CPP 663
Modifying the Authorization Policy for Compliance 666
Verifying Posture and Redirect 667
Exam Preparation Tasks 675
Review All Key Topics 675
Define Key Terms 675
Part VI Safely Deploying in the Enterprise
Chapter 20 Deploying Safely 677
“Do I Know This Already?” Quiz 677
Foundation Topics 680
Why Use a Phased Approach? 680
A Phased Approach 681
Comparing Authentication Open to Standard 802.1X 682
Preparing ISE for a Staged Deployment 683
Monitor Mode 685
Low-Impact Mode 689
Closed Mode 692
Transitioning from Monitor Mode to Your End State 695
Wireless Networks 695
Exam Preparation Tasks 696
Review All Key Topics 696
Chapter 21 ISE Scale and High Availability 699
“Do I Know This Already?” Quiz 699
Foundation Topics 702
Configuring ISE Nodes in a Distributed Environment 702
Making the First Node a Primary Device 702
Registering an ISE Node to the Deployment 703
Ensuring the Personas of All Nodes Are Accurate 706
Licensing in a Multinode ISE Cube 706
Understanding the HA Options Available 707
Primary and Secondary Nodes 707
Monitoring and Troubleshooting Nodes 707
Policy Administration Nodes 709
Node Groups 710
Using Load Balancers 713
General Guidelines 713
Failure Scenarios 714
IOS Load Balancing 715
Maintaining ISE Deployments 716
Patching ISE 716
Backup and Restore 718
Exam Preparation Tasks 720
Review All Key Topics 720
Define Key Terms 720
Chapter 22 Troubleshooting Tools 723
“Do I Know This Already?” Quiz 723
Foundation Topics 726
Logging 726
Live Log 726
Live Sessions Log 728
Logging and Remote Logging 729
Logging Targets 729
Logging Categories 730
Debug Logs 731
Downloading Debug Logs from the GUI 732
Viewing Log Files from the CLI 733
Support Bundles 734
Diagnostics Tools 735
Evaluate Configuration Validator 735
RADIUS Authentication Troubleshooting Tool 739
TCP Dump 741
Ensuring Live Log Displays All Events (Bypassing Suppression) 746
Disabling Suppression 747
Troubleshooting Outside of ISE 748
Endpoint Diagnostics 748
AnyConnect Diagnostics and Reporting Tool 748
AnyConnect NAM Extended Logging 751
Microsoft Native Supplicant 752
Supplicant Provisioning Logs 753
Network Device Troubleshooting 753
The Go-To: show authentication session interface 753
Viewing Client Details on the WLC 754
Debug Commands 755
Exam Preparation Tasks 756
Review All Key Topics 756
Part VII Final Preparation
Chapter 23 Final Preparation 759
Advice About the Exam Event 759
Learning the Question Types Using the Cisco Certification Exam Tutorial 759
Thinking About Your Time Budget Versus Number of Questions 760
A Suggested Time-Check Method 761
Miscellaneous Pre-Exam Suggestions 762
Exam-Day Advice 762
Exam Review 763
Taking Practice Exams 763
Practicing Taking the SISAS Exam 764
Advice on How to Answer Exam Questions 765
Taking Other Practice Exams 766
Finding Knowledge Gaps Through Question Review 767
Other Study Tasks 769
Final Thoughts 770
Part VIII Appendixes
Appendix A Answers to the “Do I Know This Already?” Quizzes 773
Appendix B Configuring the Microsoft CA for BYOD 795
CA Requirements 795
Other Useful Information 795
Microsoft Hotfixes 796
AD Account Roles 796
Configuration Steps 796
Installing the CA 796
Adding the Remaining Roles 804
Configuring the Certificate Template 809
Publishing the Certificate Template 814
Editing the Registry 816
Useful Links 819
Appendix C Using the Dogtag CA for BYOD 821
What Is Dogtag, and Why Use It? 821
Prerequisites 821
Installing 32-bit Fedora 15 821
Configuring Networking 823
Installing Packages with yum 825
Configuring Proxy (if Needed) 825
Updating System Packages with yum 826
Installing and Configuring the NTP Service 826
Installing the LDAP Server 827
Installing the PHP Services 828
Installing and Configuring Dogtag 829
Modifying the Firewall Rules (iptables) 830
Creating a New CA Instance 830
Enabling and Configuring SCEP 840
Preparing Apache 841
Configuring ISE to Use the New Dogtag CA 842
Adding Dogtag to the SCEP RA Profiles 843
Appendix D Sample Switch Configurations 845
Catalyst 2960/3560/3750 Series, 12.2(55)SE 845
Catalyst 3560/3750 Series, 15.0(2)SE 848
Catalyst 4500 Series, IOS-XE 3.3.0/15.1(1)SG 852
Catalyst 6500 Series, 12.2(33)SXJ 856
Glossary 861
Index 868
Errata
We've made every effort to ensure the accuracy of this book and its companion content. Any errors that have been confirmed since this book was published can be downloaded below.
Download the errata (52 KB .doc)
Submit Errata
Other Things You Might Like
- Securing Enterprise Networks with Cisco Meraki
- eBook $55.99
- Securing Enterprise Networks with Cisco Meraki
- Book $55.99