Comparing Cisco NAC Solutions: Identity Services Engine (ISE), Network Admission Control (NAC) and ACS.

Many people have invested into an automated access control solution from Cisco. In the past, Cisco offered NAC Framework and NAC appliance. There are Cisco press books explaining NAC Framework as the go to enterprise solution utilizing the network as the enforcement point while NAC appliance was the simple “turn-key” solution leveraging SNMP or in-band / bump in the wire type designs. Eventually Framework died and was replaced by an 802.1x-based solution. The release of ACS 5.0 added new features for 802.1x authentication, which left customers with the option to have remediation using the NAC Appliance solution or only authentication with the 802.1x NAC solution.

Cisco found that they had some gaps in their NAC solutions and eventually added bolt on products to their appliance and 802.1x offerings. To manage non-NAC capable devices, which include printers, card readers, X-boxes, IP-phones, etc., Cisco re-branded Great Bay Software’s Beacon appliance as Cisco Profiler. Another gap was around sponsoring guest users, which Cisco offered Cisco Guest server as an additional appliance to handle advanced guest user features.

This spring, Cisco released their latest access control solution Identity Services Engine (ISE). ISE takes on the features of NAC appliance, ACS 802.1x, Cisco Profiler and Cisco Guest server. ISE can be purchased as a VMware or appliance and licensed centrally which is different from how NAC appliance was sold. Smaller networkers can utilize one appliance or VMware to provide what use to be multiple appliances, which saves money as well as centralizes management. Mid to larger deployments can scale by breaking out the functions of ISE into separate Vmware / appliance components. If customers need to support none 802.1x COA switches, hubs or VPN concentrators, they will need to purchase a separate ISE iPEP appliance which cannot be virtualized or include any other ISE functions.

There are some features that are not available in the ISE 1.0 release. ACS customers who use TACACS/Radius support for network device management and 802.1x NAC will need to keep their ACS solutions for device management while ISE can take over the 802.1x NAC function. Another feature missing is the ability to intergrade ACS or NAC with ISE. These and other features are rumored to be road mapped into the solution as well as advancements in profiling to enhance how ISE identifies devices accessing the network. More information on Cisco ISE, NAC appliance and ACS can be found on the NAC links in this blog.

VN:F [1.9.22_1171]
Rating: 4.7/5 (10 votes cast)
Comparing Cisco NAC Solutions: Identity Services Engine (ISE), Network Admission Control (NAC) and ACS., 4.7 out of 5 based on 10 ratings

3 thoughts on “Comparing Cisco NAC Solutions: Identity Services Engine (ISE), Network Admission Control (NAC) and ACS.”

  1. I believe you are asking for more details on ISE, NAC and ACS. I plan to write a “How to migrate” blog in the near future which will include some tips and potholes to avoid.

    VN:F [1.9.22_1171]
    Rating: 1.0/5 (1 vote cast)
  2. In search of seeking for a short time for any good quality view involving this one point . Researching in Search engines I eventually have discovered this page. Reading this So i’m thrilled to say that I have a really good sense I discovered just what I was looking for. For certain i will make sure to don’t forget this web-site and check it out constantly.
    My blog is on Health fitness.

    VA:F [1.9.22_1171]
    Rating: 1.0/5 (1 vote cast)
  3. Backing up your data is extremely essential. No matter if you are a businessman or just a regular computer user, you know that there are files that are absolutely very important for you. There are instances wherein you will eventually lose those significant pieces of information. Most of the time, the problem here is that you can no longer retrieve those files. Business executives will then find this very frustrating because almost all of the files are crucial for the success of the company. Thus, your best defense here is to make use of backup software that will support your files and ensure that you will not lose those precious data on your computer. There are numerous applications that can aid you in storing backups for your data thereby making it critical for you to compare backup data solutions.
    William Spearman

    VA:F [1.9.22_1171]
    Rating: 1.0/5 (1 vote cast)

Leave a Reply to admin Cancel reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.