Alternatives to ISE?

Eriks Rugelis eriks at netideainc.ca
Sun Dec 3 15:36:21 CST 2017


$dayjob is a university where we use PacketFence to support .1x for a population of approx. 28K concurrent Wi-Fi devices.

It took us a couple of iterations but we now have a clustered deployment (of VM’s) model which routinely handles >1200 logins per second, has a fair bit of headroom left over and can scale larger as required.

We have been very satisfied with the responsiveness and capabilities of tech support by Inverse.ca.   All this and the price point is hard to beat.

I have no personal interest in Inverse other than as a satisfied customer.

Our presentation on the scalable deployment model for PF may be found by searching the web for “Authentication for big Wi-Fi”.

Eriks
---
Eriks Rugelis
Sr. Consultant
Netidea Inc.
T: +1.416.876.0740

> On Dec 3, 2017, at 10:06, Jean | ddostest.me via NANOG <nanog at nanog.org> wrote:
> 
> I'm about to try this one.
> 
> https://packetfence.org/
> 
> Not sure if it covers all the features you need though, but it seems
> promising. In case you give it a try, could you share your experience
> please?
> 
> Thanks
> Jean
> 
>> On 17-12-03 09:48 AM, segs wrote:
>> Forescout but if you want something simpler with SNMP authentication of
>> switches and Domain Controller of authorized PCs you can have a look at
>> Portnox. Done couple of deployments with Portnox.
>> 
>> On Sun, Dec 3, 2017 at 3:39 PM, Christopher J. Wolff <cjwolff at nola.gov>
>> wrote:
>> 
>>> I've about reached my limit with the dumpster fire that is Cisco's
>>> Identity Service Engine.  Are there any reliable alternatives that do
>>> endpoint classification, central web auth, and .1x auth?
>>> 
>>> Thanks in advance,
>>> Christopher
>>> 
> 


More information about the NANOG mailing list