NAC replacement with ISE 2.1

salman abid
Level 1

Hi experts,

I have to replace a NAC (don't ask me what model, software, hardware, bla bla); all I know is it's a very old Linux-based NAC and it's end of support now.

So I have to replace that with ISE 2.1.

Currently that NAC system is being used only for the guest user database (username/password). The current configuration is very straightforward:

1- There is Cisco WLC

2- One SSID with 'Layer3' web-policy security and authentication to an AAA server (now the AAA is the IP of the NAC system)

3- The web-auth portal is the default portal from the WLC

As I have already mentioned, we have to replace the NAC with ISE 2.1, so in order to have less impact on user experience (here I'm talking about 3000+ users), I'm planning to prepare ISE with:

1- One custom admin user (who'll create the user database)

2- Will add the IP of ISE as the AAA server

Then gradually I'll move towards a self sign-in portal (in my environment guest users are the most critical users :P ).

So I have a very straight question:

For a start, can I use ISE to dump the database of guest user logins (the same way the NAC is doing) by having the web-auth portal from the controller?

1 Reply

nspasov
Cisco Employee

You can do this by configuring LWA (Local Web Auth). However, that is a very outdated method/configuration and as a result, I would highly recommend that you explore CWA (Central Web Auth). In order to run CWA your controllers must be newer and must be able to run version 7.2 and later. 

I hope this helps!

Thank you for rating helpful posts!