Alternatives to ISE?

Christopher J. Wolff cjwolff at
Mon Dec 4 15:00:51 CST 2017


I'm running 2.2 with 17000 endpoints in a 7 node deployment.  

Main Problems:
-Replication slow or failed
-Displaying endpoints ends up in a "Shards" error or crashes the GUI (documented Cisco bug)
-Wifi Container Service (?) fails
-Inaccurate license counts causing license alarms
-Moments where unable to add or see network devices
-Profile rules are not catching certain hosts (even when you hardcode the OUI) 

I'm certain I'm forgetting a few but you get the drift.

Yours in service,

Christopher J. Wolff | Network Operations
Information Technology & Innovation
City of New Orleans

(o) 504.658.7817
(m) 504.265.6306
(e) cjwolff at

-----Original Message-----
From: Ray Van Dolson [mailto:rvandolson at] 
Sent: Sunday, December 3, 2017 9:55 PM
To: Christopher J. Wolff <cjwolff at>
Cc: nanog at
Subject: Re: Alternatives to ISE?

On Sun, Dec 03, 2017 at 02:39:27PM +0000, Christopher J. Wolff wrote:
> I've about reached my limit with the dumpster fire that is Cisco's 
> Identity Service Engine.  Are there any reliable alternatives that do 
> endpoint classification, central web auth, and .1x auth?

What version of ISE are you running?  What are your main frustrations with it?


More information about the NANOG mailing list