Catalyst Center and ISE integration

Todd S · ‎01-13-2025

Are there any benefits to implementing ISE within Catalyst Center if you aren't using SDAccess? We are doing 802.1x wired/wireless but not we are not using SGTs. Just trying to understand how ISE will fit in with Catalyst Center in this deployment.

Flavio Miranda · ‎01-13-2025

@Todd S

Without SDA I dont see any reason to integrate ISE to DNAC. Actually, even for SGT you dont need ISE/DNAC integration, ISE can do it on its own.

Preston Chilcote · ‎01-13-2025

There was a discussion on this not too long ago with some detail that might help you:

https://community.cisco.com/t5/cisco-catalyst-center/dnac-catc-and-ise-what-does-dnac-do-and-what-do-you-have-to-do/td-p/5240015

ammahend · ‎01-13-2025

ISE is really good with contextual data, Catalyst Center can display contextual information about users, devices, their authentication/authorization states and profile information from ISE. So I would still recommend to integrate ISE, it does not do you any harm.

-hope this helps-

Torbjørn · ‎01-13-2025

As I am sure is mentioned in the post @Preston Chilcote linked above. The main benefits of integrating without SDA is that devices are automatically registered when onboarded through PNP and that you can use the "ISE" option under design > network settings.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

Olu802-11 · ‎01-27-2025

It's also possible to use the device attributes that are passed from Cat C to ISE to create some custom policies. For instance if Cat C indentifies an iPhone for instance you can create a policy that prevents that device from authenticating to a network that you do not want it on.