04-25-2012 01:34 PM - last edited on 03-25-2019 05:28 PM by ciscomoderator
We currently run NAC here and are looking at migrating to ISE. We are looking for any experiences you may have had and your opinions of this migration. Thanks.
09-21-2013 06:05 PM
HEllo,
The 2 products are completely different on how the devices authenticate to the network and how they are controlled.
The guidance is to deploy ISE and then cut over your networks in a phased approach
A switch ad their ports can be managed by both NAC and ISE at the same time to help with this transition.
Please make sure that the NAC appliance agent network/ports are not able to communicate with ISE and the ISE NAC agent networks are not able to communicate with the NAC server as you don't want the agents discovering/communicating to the wrong service (ISE vs NAC) as they will not integrate.
For agent version please refer to this note:
http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html
There is integration support for different versions of Cisco NAC Agent for integration with Cisco NAC Appliance and Cisco ISE. Current releases are developed to work in either environment. However, interoperability between deployments is not guaranteed. Therefore, there is no explicit interoperability support for a given Cisco NAC Agent version intended for one environment. If you require support for Cisco NAC Appliance and Cisco ISE using a single Cisco NAC Agent, be sure to test NAC Agent in the specific environment to verify compatibility.
Unless there is a specific defect or feature required for Cisco NAC Appliance deployment, we recommend deploying the most current agent certified for your Cisco ISE deployment. If an issue arises, restrict Cisco NAC Agent to its intended environment and contact Cisco TAC for assistance. Cisco NAC Agent interoperability is not guaranteed, but testing and support is in progress.
10-09-2013 11:50 AM
Please see the below link for Migration
http://www.cisco.com/en/US/docs/security/ise/1.0beta/installation_guide/cise_upg.html
10-10-2013 01:24 AM
The folks have provided useful information but no one asked about your deployment? What mode are you running. Is wireless involved? Are you in band or out of band and how does your current nac solution scale today. I can provide you with my experiences on migrating customers off of nac.
Sent from Cisco Technical Support Android App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide