Cisco Identity Services Engine 1.1 Update Is Now Available – Some Details On The Release | ISE

Cisco Identity Solutions Engine 1.1 Update Is Now Available ISE

ISEISE 1.04

ISE 1.1

Cisco recently released the latest update for Identity Solutions Engine (ISE). Below are some features and findings. My team has been running this in the lab for a while and so far it’s been rock solid. For those who have seen Cisco Prime Network Control System (NCS), the ISE GUI now has the same theme (see the pictures above and below).

ISE 1.04

ISE 1.1

FEATURES

  • Common Criteria Certification – This release will be submitted for Common Criteria Certification, which is a requirement for many federal agencies.
  • FIPSISE 802.1x services with Common Access Card (CAC) including NAC & AnyConnect Agent
  • IOS Sensor on 15.0(1) SE1 for Cat 3000 and IOS 15.1(1) SG for CAT 4000. This is a huge for Profiling since it’s the first time Cisco is leveraging the switches for profiling data rather than probing from the ISE server down (like all other profiling type solutions). It makes sense to do this since typical information being probed is already available on switches.* Catalyst 2000 support and DHCP data for IOS Sensor will come later.
  • Active Endpoint Scanning – Manual scan and specific scan action per profile template
  • Endpoint protection services aka (Blacklisting devices) – Enable administrators to quarantine devices by IP or MAC address.

  • Multiple language support for guest, sponsor and client provisioning portals.
  • NAC agent, AnyConnect NAM client, ISE user input fields and reports.
  • Guest without Logon (Device registration WebAuth). Simple URL for Sponsor Portal Access (A simple, short link). Custom Portal Theme
  • OCSP Support
  • NTP Server authentication
  • External Authentication for Administrators (including CAC)
  • ISE VM Appliance will include VMWare Tools
  • SGA Out Of Band PAC Provisioning
  • SGACL Monitor Mode
  • NMAP added to profiling

SOME OTHER THINGS TO NOTE ABOUT THE ISE 1.1 RELEASE:

  • There are some Internet Explorer 8 problems that are performance related. The current release notes claim “be patient” and “click several times”.
  • There are some disk space and performance issues on the UCS SATA-2 storage systems.
  • We have been running it on vshpare 5.0 without a problem even though 4 is the supported platform. Same goes for ISE 1.04
  • ISE IPEP will need to be disconnect and use Certificate Based Authetnication to connect to a PAP prior to upgrade  http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html#wp248769 – IPEP Bug CSCtu39612

ISE 1.1 release notes can be found HERE

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)
Cisco Identity Services Engine 1.1 Update Is Now Available - Some Details On The Release | ISE, 5.0 out of 5 based on 2 ratings

5 thoughts on “Cisco Identity Services Engine 1.1 Update Is Now Available – Some Details On The Release | ISE”

  1. You said you were able to install on “vshpare 5.0”. I’m assuming your hypervisor was ESX/ESXi 5.0? Just wondering how you were able to since I’m trying to install on ESXi 5.0 and cannot get past booting off of the CD. The bootup goes to a kernel panic complaining about the file system not being provisioned correctly.

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
  2. Hi Eric,

    Yes we are running ESX 5. It could be a hardware compatibility or storage issue.

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
  3. Forgot about NMAP … just added it to the post

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.