Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


ACS 4.2 vs ACS 5.1

If you wanted to stand up a ACS solution in your environment, which is the better choice at this time? Is 4.2 going to be around, or is it going away for 5.x in the near future?

Faisal Sehbai
Rising star

4.x will be around for quite some time, but if you have the option, go to 5. Very flexible and powerful!


I would urge caution.

Carefully assess what 4.x features you need and check they are available in 5.x.

Not only that, but check for outstanding bugs on those features.

If you depend on TACACS+ stick with 4.x. If you do large scale 802.1x or NAC consider 5.x

We speak to a lot of Cisco users and 5.x does not have feature parity and hasn't reached maturity w.r.t bugs etc.

ACS 5.1 has just been released that includes many of the missing 4.x parity features. This includes TACACS+ specific features such as custom attributes, change passwords and other features such as RSA, custom VSAs etc.

ACS 5.1 also includes a built in monitoring and trubleshooting module and the need for an additional license for these features has been dropped.

Hi, Why do you recommend to user v5.1 for 802.1x and NAC implementations?

I`m asking because we are planning to deploy NAC.

The recommendation of 5.x for 802.1x/NAC is based on the fact that this is exactly what 5.x was created for, whereas in 4.x these features were "grafted" on.

Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube