cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1165
Views
0
Helpful
3
Replies

NAC migration to ISE experiences

ursshared
Level 4
Level 4

We currently run NAC here and are looking at migrating to ISE.  We are looking for any experiences you may have had and your opinions of this migration.  Thanks.

3 Replies 3

harvisin
Level 3
Level 3

HEllo,

The 2 products are completely different on how the devices authenticate to the network and how they are controlled.

The guidance is to deploy ISE and then cut over your networks in a phased approach

A switch ad their ports can be managed by both NAC and ISE at the same time to help with this transition.

Please make sure that the NAC appliance agent network/ports are not able to communicate with ISE and the ISE NAC agent networks are not able to communicate with the NAC server as you don't want the agents discovering/communicating to the wrong service (ISE vs NAC) as they will not integrate.

For agent version please refer to this note:

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html

Cisco NAC Agent Interoperability

There is integration support for different versions of Cisco NAC Agent for integration with Cisco NAC Appliance and Cisco ISE. Current releases are developed to work in either environment. However, interoperability between deployments is not guaranteed. Therefore, there is no explicit interoperability support for a given Cisco NAC Agent version intended for one environment. If you require support for Cisco NAC Appliance and Cisco ISE using a single Cisco NAC Agent, be sure to test NAC Agent in the specific environment to verify compatibility.

Unless there is a specific defect or feature required for Cisco NAC Appliance deployment, we recommend deploying the most current agent certified for your Cisco ISE deployment. If an issue arises, restrict Cisco NAC Agent to its intended environment and contact Cisco TAC for assistance. Cisco NAC Agent interoperability is not guaranteed, but testing and support is in progress.

Ravi Singh
Level 7
Level 7

Tarik Admani
VIP Alumni
VIP Alumni

The folks have provided useful information but no one asked about your deployment? What mode are you running. Is wireless involved? Are you in band or out of band and how does your current nac solution scale today. I can provide you with my experiences on migrating customers off of nac.


Sent from Cisco Technical Support Android App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: