Alternatives to ISE?
Christopher J. Wolff
cjwolff at nola.gov
Mon Dec 4 15:00:51 UTC 2017
Ray,
I'm running 2.2 with 17000 endpoints in a 7 node deployment.
Main Problems:
-Replication slow or failed
-Displaying endpoints ends up in a "Shards" error or crashes the GUI (documented Cisco bug)
-Wifi Container Service (?) fails
-Inaccurate license counts causing license alarms
-Moments where unable to add or see network devices
-Profile rules are not catching certain hosts (even when you hardcode the OUI)
I'm certain I'm forgetting a few but you get the drift.
Yours in service,
Christopher J. Wolff | Network Operations
Information Technology & Innovation
City of New Orleans
(o) 504.658.7817
(m) 504.265.6306
(e) cjwolff at nola.gov
-----Original Message-----
From: Ray Van Dolson [mailto:rvandolson at esri.com]
Sent: Sunday, December 3, 2017 9:55 PM
To: Christopher J. Wolff <cjwolff at nola.gov>
Cc: nanog at nanog.org
Subject: Re: Alternatives to ISE?
On Sun, Dec 03, 2017 at 02:39:27PM +0000, Christopher J. Wolff wrote:
> I've about reached my limit with the dumpster fire that is Cisco's
> Identity Service Engine. Are there any reliable alternatives that do
> endpoint classification, central web auth, and .1x auth?
What version of ISE are you running? What are your main frustrations with it?
Ray
More information about the NANOG
mailing list