Cisco ISE

Mann, Jason jamann at mt.gov
Sat Oct 7 14:20:53 CST 2017


Yes I would be curious as to what issues you are running into? We currently use ACS to do 802.1x authentication for all of our Wired/Wireless clients and will move that functionality over to ISE. We would also like to start doing provisioning/nac and certificate authority on the ISE, as well as PXGrid into InfoBlox, NetScout, F5, APIC-EM, and Cisco Prime 3.1

-----Original Message-----
From: Rheams, Doug [mailto:doug.rheams at franklintempleton.com] 
Sent: Friday, October 6, 2017 3:01 PM
To: Christopher J. Wolff <cjwolff at nola.gov>; Mann, Jason <jamann at mt.gov>
Cc: nanog at nanog.org
Subject: RE: Cisco ISE

We started at version 1.4 and we're up to 2.1 now but it's just for tacacs and certificate auth without any profiling or posturing. I agree it hasn't been the easiest product but it's working. What type of issues are you running into? 

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Christopher J. Wolff
Sent: Friday, October 6, 2017 1:54 PM
To: Mann, Jason <jamann at mt.gov>
Cc: nanog at nanog.org
Subject: Re: Cisco ISE

Proceed with extreme caution.  You may want to have that end of life ACS deployment bake for another six months.  You will want to have the highest level of Cisco engineering engaged should you choose to go this direction.

On Oct 6, 2017, at 3:48 PM, Mann, Jason <jamann at mt.gov<mailto:jamann at mt.gov>> wrote:

As would I. We are going to start a project that is replacing ACS 5.7 with ISE 2.X

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Christopher J. Wolff
Sent: Friday, October 6, 2017 2:41 PM
To: nanog at nanog.org<mailto:nanog at nanog.org>
Subject: Cisco ISE

Is anyone successfully deploying ISE 2.X?  I'm six months into it on about 10,000 endpoints and it seems like it's a highly challenged product.  I'd love to hear your experiences on or off-list.  Thanks in advance.
Notice:  All email and instant messages (including attachments) sent to or from Franklin Templeton Investments (FTI) personnel may be retained, monitored and/or reviewed by FTI and its agents, or authorized law enforcement personnel, without further notice or consent.
.



More information about the NANOG mailing list