cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2451
Views
5
Helpful
6
Replies

Alternatives to ISE for NAC?

jmcgrady1
Level 1
Level 1

ISE is such a big cumbersome beast. Are there any commonly used alternatives for NAC on Cisco switches and wireless?

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

Mike.Cifelli
VIP Alumni
VIP Alumni

ISE is such a big cumbersome beast.

-This is because it is the best option on the market in regard to NAC.  Well worth the time and investment especially if already in a Cisco centric environment.

Angel_Inglese
Level 1
Level 1

Good night from here,

 

Before going into ISE or ACS I had the time to test NAC solutions for security corporate reasons. I came across PacketFence as an Open Source Solution (and for education purposes).

 

Then configured everything with low resources, then upgraded into ISE 2.7p3. Everything started easy after we already had our network adapted for that.

 

hope that my opinion would work for you.

I'll do some research on what a VM ISE implementation would look like when specifying "low resources". My first run through the sizing estimator told me i need a VM with 96 cpu cores!

you can start with 32GB with less CPU

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Angel_Inglese
Level 1
Level 1

hey ! that's huge!

 

well please consider a lab environment first: Standalone mode VM that will serve one SSID. (8 vCPU / 8 GB RAM / 300 GB Storage)
Then grow up to PoC lab: Two HA nodes serving WiFi and cable. (2x 8 vCPU / 16 GB RAM / 300 GB Storage)

I read the community post regarding ISE deployments.

And took the risk with low impact considerations.

Started with specific groups such as Guests for HQ then remote offices, one by one (only 10 sites).

 

https://community.cisco.com/t5/security-documents/cisco-ise-amp-nac-resources/ta-p/3621621

 

of course, this was a lapse time of 3 months (the demo license period). and after this we decided to move on with ISE 2x SNS 3615 HA mode with Mnt node over VMWare for log storage in a SAN.

 

hope that helps,