ISE is actually in my opinion more like ACS 5.X without TACACS+ but with additional new features. TrustSec (The term used for ISE architecture) is actually more like NAC Framework in my opinion as the NAD is used as the enforcement point much like NAC framework. You will never see an ISE appliance running in inline mode it is always a RADIUS authorization point pushing policies to NAD. So in this regard it is actually somewhat of an advantage that you get pounded with NAC framework in the IPexpert workbooks because you will have a good start with understanding the implementation of TrustSec.
Now obviously there are a lot more features and the integration with the Anyconnect client is much better than NAC Framework but it is not something that should be implemented without a good game plan. There are many things that can be used like profiling of devices on the network to better roll it out and not affect devices that do not support supplicants. In my opinion it is finally a product that is ready for prime time unlike its predecessors that were really never fully baked. I think there still needs to be a little more work in helping with the a successful rollout but it is better than it has ever been before. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Richard Chan Sent: Thursday, June 23, 2011 9:20 PM To: CCIE Security Maillist Subject: [OSL | CCIE_Security] [OT] Has any one tried Cisco ISE 1.0? Has anyone tried Cisco ISE 1.0 in testing or production? Any comments on it's usefulness? It seems to be a hybrid between the Secure ACS 5.x series and NAC Appliance. Do you get the best of both worlds or are there situations where you would still prefer the specialized products (NAC Appliance, ACS 5.2). For the agent-side, ISE seems to be reusing the Cisco NAC Agent so all current Windows platforms are covered (c.f. NAC Framework - CTA was only updated to Windows XP and just EoL'ed.). Regards Richard
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
