
enable NAC and ISE at WLC

Leftz
Level 4

Hi. In the WLC, under WLANs -> Advanced -> AP group, we can see a blue triangle on the right side. When moving the mouse over it, it shows several choices. One of them is NAC Enable. Please see the screenshot below. NAC is part of ISE. We can think of the relationship like this: ACS + NAC profiler + NAC guest + NAC manager + NAC Server = ISE

The question is: what is meant by "enable NAC" there? Enable ISE? Thank you


6 Replies

ISE is NAC (Network Access Control)

Leftz
Level 4

Thanks, Flavio!

If we usually do not click on "NAC Enable", does this mean this WLAC is not using ISE?

ammahend
VIP

It means you enabled the WLAN for a couple of things:

Now the controller forwards the request to the Cisco ISE server without verifying in the local database.

The WLAN is enabled for AAA override, which means the AAA authorization result will override the local configuration.
Guest tunneling mobility is supported only for ISE NAC-enabled WLANs.

There are also some restrictions on using this; read the details here:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0110001.pdf

-hope this helps-

Leftz
Level 4

Thank you for your reply. 

Since ISE is NAC, why do we often use the term NAC instead of ISE when talking about ISE? One of many examples is the screenshot below. It uses "NAC Managers" instead of ISE Managers.

 

 

I have never used this, but if I have to guess: remember that before ISE, Cisco had a product called NAC Appliance. It was not as successful as ISE, and many functions such as Profiling and Advanced Guest Access require specific hardware. The minimal system is a management (CAM) and enforcer (CAS). What you pointed to in ISE must be a setting to establish some communication between both (CAM and ISE) for profile information exchange or something.

Also keep in mind NAC is a general industry term; think of network access control (NAC) as a function and ISE as a product (appliance or VM) that performs that function.
So some of the old-timers will call ISE NAC, they will call Aruba ClearPass NAC, they will call FortiNAC NAC, call the Forescout platform NAC; you get the idea.

-hope this helps-

Leftz
Level 4

Thank you ammahend for your excellent explanation! 
