Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2450
Views
5
Helpful
6
Replies

Alternatives to ISE for NAC?

jmcgrady1
Level 1
Level 1

‎03-18-2021 12:35 AM

ISE is such a big cumbersome beast. Are there any commonly used alternatives for NAC on Cisco switches and wireless?

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎03-18-2021 01:05 AM - edited ‎03-18-2021 01:07 AM

Freeradius  or MS NPAS

 

or other commercials :

 

https://www.itcentralstation.com/products/cisco-ise-identity-services-engine-alternatives-and-competitors

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Mike.Cifelli
VIP Alumni
VIP Alumni

‎03-18-2021 05:27 AM

ISE is such a big cumbersome beast.

-This is because it is the best option on the market in regard to NAC.  Well worth the time and investment especially if already in a Cisco centric environment.

0 Helpful

Angel_Inglese
Level 1
Level 1

‎03-19-2021 05:31 PM

Good night from here,

 

Before going into ISE or ACS I had the time to test NAC solutions for security corporate reasons. I came across PacketFence as an Open Source Solution (and for education purposes).

 

Then configured everything with low resources, then upgraded into ISE 2.7p3. Everything started easy after we already had our network adapted for that.

 

hope that my opinion would work for you.

0 Helpful

jmcgrady1
Level 1
Level 1
In response to Angel_Inglese

‎03-19-2021 08:35 PM

I'll do some research on what a VM ISE implementation would look like when specifying "low resources". My first run through the sizing estimator told me i need a VM with 96 cpu cores!

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to jmcgrady1

‎03-20-2021 08:51 AM

you can start with 32GB with less CPU

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Angel_Inglese
Level 1
Level 1

‎03-20-2021 08:25 AM

hey ! that's huge!

 

well please consider a lab environment first: Standalone mode VM that will serve one SSID. (8 vCPU / 8 GB RAM / 300 GB Storage)
Then grow up to PoC lab: Two HA nodes serving WiFi and cable. (2x 8 vCPU / 16 GB RAM / 300 GB Storage)

I read the community post regarding ISE deployments.

And took the risk with low impact considerations.

Started with specific groups such as Guests for HQ then remote offices, one by one (only 10 sites).

 

https://community.cisco.com/t5/security-documents/cisco-ise-amp-nac-resources/ta-p/3621621

 

of course, this was a lapse time of 3 months (the demo license period). and after this we decided to move on with ISE 2x SNS 3615 HA mode with Mnt node over VMWare for log storage in a SAN.

 

hope that helps,

Customers Also Viewed These Support Documents