01-27-2013 06:25 AM - edited 03-10-2019 08:01 PM
Hi Everyone,
We are a small company with 400 users, and we are currently using ACS 4.2 at our company. We want to upgrade and use a Cisco ISE appliance instead.
I want to know: are there any major changes in configuration between ACS 4.2 and the latest ISE version?
Are there any hardware (switch or Cisco AP) compatibility issues with using Cisco ISE? (We are currently using Cisco Cat 3550 and Cisco Aironet 2600 APs with the existing ACS 4.2.)
What ISE series and what software version are the latest, so I can order?
Thank You
01-28-2013 12:25 AM
Salam Imran,
Yes, there is a big change in how to configure ISE and ACS 4.2.
There is no direct migration from 4.2 to ISE; you need to migrate from 4.2 to 5.x, then migrate from 5.x to ISE.
Check this:
http://www.cisco.com/en/US/docs/security/ise/1.1/migration_guide/ise_mig_undst_tool.html
It is worth mentioning that migration from ACS 4.x to 5.x does not migrate all config. It migrates some of it (usernames, identity groups, devices, device groups, etc.) but the policies are not necessarily migrated.
Check what is being migrated on this link:
HTH
Amjad
Rating useful replies is more useful than saying "Thank you"
01-28-2013 01:36 AM
You should be running at least v12.2(44)SE on the switches and 7.2.103.0 on the WLC.
Check this compatibility list:
http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html
01-29-2013 10:34 PM
Thank you Amjad and Philip
One question: we currently have Cisco Aironet access points in our network. Is there a need to have a WLC for an ISE deployment, or can the Aironet APs work with ISE? Please advise.
As it is stated on the Cisco website that ISE does not have TACACS+ functionality,
then for device-management purposes companies should use ACS
and for other AAA/NAC... services should use ISE?
My question is: should both products be used to have multiple services, TACACS+ and RADIUS?
01-31-2013 06:23 AM
You cannot use autonomous access points with ISE, only lightweight (using WLC).
The second question someone else will have to answer. I just learned this week that admin access to devices is not yet fully implemented with ISE, so we have to use our old ACS for that.
02-06-2013 10:16 AM
In my company we use both ACS and ISE. Well, we had ACS originally, but we have to keep it for autonomous APs and TACACS+. Cisco said they will be adding TACACS+ to ISE, but that would be in the future.
04-04-2013 02:07 AM
Hello Imran,
There is a big change in how to configure ISE and ACS 4.2.
There is no direct migration from 4.2 to ISE; you need to migrate from 4.2 to 5.x, then migrate from 5.x to ISE.
Below is the link to the devices that are supported by Cisco ISE.
http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html
04-04-2013 06:02 PM
The basic function of ACS is the AAA function. ISE is a combination of ACS and NAC with advanced features.
If you want to migrate from ACS to ISE, Cisco ISE supports data migration from Cisco Secure ACS 5.1 and 5.2 using the Cisco Secure ACS-ISE 1.0.4 Migration Tool.
The hardware for the Cisco ISE is the same as the hardware for the Cisco 1121 Secure Access Control System (ACS). The ISE also supports VMware.
Cisco Secure ACS capabilities are available in the Base software version of the Identity Services Engine. Cisco is offering a 50% discount on the Base migration SKUs.
The latest software version for ISE is 1.1.3; 1.1.3 does not support TACACS+.
For the minimum requirements for WLC and switch models, refer to the following links:
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html
http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html
09-21-2013 05:31 PM
Hello Imran,
For your first question:
"We currently have Cisco Aironet access points in our network. Is there a need to have a WLC for an ISE deployment, or can the Aironet APs work with ISE?"
The answer is yes, you need to have a WLC for the ISE deployment; it is recommended.
For your second question:
Until now, ISE does not have support for TACACS+ functionality, so you can use ACS in your network for that purpose, but the rest of the network should be managed by ISE.