cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

884
Views
0
Helpful
3
Replies
ursshared
Enthusiast

NAC migration to ISE experiences

We currently run NAC here and are looking at migrating to ISE.  We are looking for any experiences you may have had and your opinions of this migration.  Thanks.

3 REPLIES 3
harvisin
Participant

HEllo,

The 2 products are completely different on how the devices authenticate to the network and how they are controlled.

The guidance is to deploy ISE and then cut over your networks in a phased approach

A switch ad their ports can be managed by both NAC and ISE at the same time to help with this transition.

Please make sure that the NAC appliance agent network/ports are not able to communicate with ISE and the ISE NAC agent networks are not able to communicate with the NAC server as you don't want the agents discovering/communicating to the wrong service (ISE vs NAC) as they will not integrate.

For agent version please refer to this note:

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html

Cisco NAC Agent Interoperability

There is integration support for different versions of Cisco NAC Agent for integration with Cisco NAC Appliance and Cisco ISE. Current releases are developed to work in either environment. However, interoperability between deployments is not guaranteed. Therefore, there is no explicit interoperability support for a given Cisco NAC Agent version intended for one environment. If you require support for Cisco NAC Appliance and Cisco ISE using a single Cisco NAC Agent, be sure to test NAC Agent in the specific environment to verify compatibility.

Unless there is a specific defect or feature required for Cisco NAC Appliance deployment, we recommend deploying the most current agent certified for your Cisco ISE deployment. If an issue arises, restrict Cisco NAC Agent to its intended environment and contact Cisco TAC for assistance. Cisco NAC Agent interoperability is not guaranteed, but testing and support is in progress.

Ravi Singh
Rising star

Tarik Admani
Advocate

The folks have provided useful information but no one asked about your deployment? What mode are you running. Is wireless involved? Are you in band or out of band and how does your current nac solution scale today. I can provide you with my experiences on migrating customers off of nac.


Sent from Cisco Technical Support Android App

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube