https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/3330236#M551740 <P>Dear All, I have a a question regarding ISE deployment.</P> <P>&nbsp;</P> <P>Is it possible to have in the same network the following features all enabled;</P> <P>1.RADIUS AAA, including 802.1x, MAC Authentication Bypass Done<BR /><BR />2.&nbsp;&nbsp; &nbsp;Web authentication (local, central, device registration) <BR /><BR />3.&nbsp;&nbsp; &nbsp;MACsec <BR /><BR />4.&nbsp;&nbsp; &nbsp;SSO <BR /><BR />5.&nbsp;&nbsp; &nbsp;Guest portal and sponsor services <BR /><BR />6.&nbsp;&nbsp; &nbsp;Representational state transfer (monitoring) APIs <BR /><BR />7.&nbsp;&nbsp; &nbsp;External RESTful services (CRUD)-capable APIs <BR /><BR />8.&nbsp;&nbsp; &nbsp;Security group tagging <BR />9.&nbsp;&nbsp; &nbsp;PassiveID (Cisco Subscribers) <BR /><BR />10.&nbsp;&nbsp; &nbsp;Passive ID (Non-Cisco Subscribers) <BR /><BR />11.&nbsp;&nbsp; &nbsp;Profiling <BR /><BR />12.&nbsp;&nbsp; &nbsp;Profiler feed service <BR /><BR />13.&nbsp;&nbsp; &nbsp;Device registration (My Devices portal) and provisioning for Bring Your Own Device (BYOD) <BR /><BR />14.&nbsp;&nbsp; &nbsp;Context sharing pxGrid <BR /><BR />15.&nbsp;&nbsp; &nbsp;Endpoint Protection Services<BR /><BR />16.&nbsp;&nbsp; &nbsp;TrustSec – ACI Integration <BR /><BR />17.&nbsp;&nbsp; &nbsp;Rapid Threat Containment (RTC) (using ANC and pxGrid) <BR /><BR />18.&nbsp;&nbsp; &nbsp;Posture (endpoint compliance and remediation)<BR /><BR />19.&nbsp;&nbsp; &nbsp;Enterprise Mobility Management and Mobile Device&nbsp; Management (EMM and MDM) integration <BR /><BR />20.&nbsp;&nbsp; &nbsp;Threat Centric NAC &nbsp;<BR /><BR />21.&nbsp;&nbsp; &nbsp;Wired access control <BR /><BR />22.&nbsp;&nbsp; &nbsp;Device Administration (TACACS+)&nbsp;</P> <P>&nbsp;</P> <P>Or are some of these feature mutually exclusive?</P> <P>&nbsp;</P> <P>Thanks.</P> Fri, 21 Feb 2020 18:45:23 GMT OBINNA EMESORONYE 2020-02-21T18:45:23Z https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/3330236#M551740 <P>Dear All, I have a a question regarding ISE deployment.</P> <P>&nbsp;</P> <P>Is it possible to have in the same network the following features all enabled;</P> <P>1.RADIUS AAA, including 802.1x, MAC Authentication Bypass Done<BR /><BR />2.&nbsp;&nbsp; &nbsp;Web authentication (local, central, device registration) <BR /><BR />3.&nbsp;&nbsp; &nbsp;MACsec <BR /><BR />4.&nbsp;&nbsp; &nbsp;SSO <BR /><BR />5.&nbsp;&nbsp; &nbsp;Guest portal and sponsor services <BR /><BR />6.&nbsp;&nbsp; &nbsp;Representational state transfer (monitoring) APIs <BR /><BR />7.&nbsp;&nbsp; &nbsp;External RESTful services (CRUD)-capable APIs <BR /><BR />8.&nbsp;&nbsp; &nbsp;Security group tagging <BR />9.&nbsp;&nbsp; &nbsp;PassiveID (Cisco Subscribers) <BR /><BR />10.&nbsp;&nbsp; &nbsp;Passive ID (Non-Cisco Subscribers) <BR /><BR />11.&nbsp;&nbsp; &nbsp;Profiling <BR /><BR />12.&nbsp;&nbsp; &nbsp;Profiler feed service <BR /><BR />13.&nbsp;&nbsp; &nbsp;Device registration (My Devices portal) and provisioning for Bring Your Own Device (BYOD) <BR /><BR />14.&nbsp;&nbsp; &nbsp;Context sharing pxGrid <BR /><BR />15.&nbsp;&nbsp; &nbsp;Endpoint Protection Services<BR /><BR />16.&nbsp;&nbsp; &nbsp;TrustSec – ACI Integration <BR /><BR />17.&nbsp;&nbsp; &nbsp;Rapid Threat Containment (RTC) (using ANC and pxGrid) <BR /><BR />18.&nbsp;&nbsp; &nbsp;Posture (endpoint compliance and remediation)<BR /><BR />19.&nbsp;&nbsp; &nbsp;Enterprise Mobility Management and Mobile Device&nbsp; Management (EMM and MDM) integration <BR /><BR />20.&nbsp;&nbsp; &nbsp;Threat Centric NAC &nbsp;<BR /><BR />21.&nbsp;&nbsp; &nbsp;Wired access control <BR /><BR />22.&nbsp;&nbsp; &nbsp;Device Administration (TACACS+)&nbsp;</P> <P>&nbsp;</P> <P>Or are some of these feature mutually exclusive?</P> <P>&nbsp;</P> <P>Thanks.</P> Fri, 21 Feb 2020 18:45:23 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/3330236#M551740 OBINNA EMESORONYE 2020-02-21T18:45:23Z https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/3330259#M551772 All these features are supported in ISE as you know. The question do you<BR />need all of them at the same time.<BR /><BR />For example due you need PxGrid while you are using REST APIs. Similarly,<BR />do you need ACI while you are using REST API or vice versa.<BR /><BR />Also, keep in mind that the more services you put in the node, the bigger<BR />the size and higher the risk of bugs. If you need all of them, then you<BR />need to start thinking about building nodes with specific roles which is<BR />cisco best practice in large deployments.<BR /> Tue, 13 Feb 2018 17:42:42 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/3330259#M551772 Mohammed al Baqari 2018-02-13T17:42:42Z https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/3330266#M551796 <P>Thanks for your prompt response Mohammed and for bringing to mine best practice of having a multi-node setup which makes a lot of sense.</P> <P>I am particularly interested in the combination of MACSec, SGT and Posture assessment for the same users. Are they all possible for the same user or mutually exclusive?</P> <P>&nbsp;</P> <P>Regards,</P> Tue, 13 Feb 2018 17:56:32 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/3330266#M551796 OBINNA EMESORONYE 2018-02-13T17:56:32Z