We saw a Demo of SafeConnect last Summer and were very impressed. We have the original 3140 CCA hardware that goes EOL next August 2011 but we decided to push our NAC project off one more year until next summer to let Impulse, Bradford, and Cisco have another year to compete before we made our decision.
We run in-band, wanting to move to out-of-band, but we didn’t really like Bradford’s switch-manipulation (even though I’m assuming Cisco’s is the same process.) We liked Impulse’s strategy until we found out that they are constantly reading NetFlow data and then writing ACL’s on core switches. I’m not totally convinced either that I want my NAC constantly hitting my core (which we also heard that if you run a Cisco 4500 at your core, the CPU is 100% constantly due to the 4500 architecture and Netflow.) Impulse requires you to get the Enterprise License that enables Policy Based Routing and most schools we talked to that had a 4500 ended up moving to a 6500 series chassis just to help Impulse. We didn’t want to be forced into a 6500 (or Brocade SX series.) FYI…What we’re thinking of doing for our core is the new 4500R+E chassis with dual Sup 7’s that gives us 48G per module…higher than the SUP720, HP 8212ZL, and Brocade SX800. We’re hoping by next summer we’ll have a better idea for our NAC project… [Description: seal_sign]<mailto:[email protected]> From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Baynes, Faith Sent: Tuesday, October 26, 2010 11:46 AM To: [email protected] Subject: Re: So long and thanks for all the fish I second that! We’ve been live in production with Safeconnect for 5ish months now and are quite pleased (spent 5 years in CCA land before that… ). -faith From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Christopher DeSmit Sent: Tuesday, October 26, 2010 5:44 AM To: [email protected] Subject: Re: So long and thanks for all the fish Might want to check into Safeconnect. http://www.impulse.com/ Thanks, Christopher DeSmit University of North Carolina Pembroke- Division of Information Technology Network Security Specialist From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Bruce Hodge Sent: Monday, October 25, 2010 5:36 PM To: [email protected] Subject: Re: So long and thanks for all the fish I am also on the lookout for a new NAC solution. We were promised by Cisco that the "sign off" bug would be fixed four years ago, and its only been fixed in 4.8 BUT we are running 3140's and they may or may not support 4.8 depending on my configuration, and so far Cisco hasn't been able to answer that question. Unfortunately Bradford does not have an Australian agent let alone a local agent here and I really don't want to be caught in off shore support (again).... sigh My best candidate at the moment is the Enterasys solution, it does out of band 802.1X and lets me use non Cisco or Enterasys edge switches. Does anyone have any comments about the Enterasys solution? ta On 10/26/2010 7:05 AM, Tracey Jackson wrote: We have moved to Bradford at our main campus and all is running well so far. -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of David Maas Sent: Monday, October 25, 2010 1:58 PM To: [email protected]<mailto:[email protected]> Subject: Re: So long and thanks for all the fish Welcome to the group...I have done exactly the same thing about a year ago. I have been looking for a replacement that fits in our environment ever since. I have done approx 1/2 a dozen or so pilots on different products, and I would recommend that you look at Bradford Network as your move forward. David Maas Merkle, Inc. Sr. Security Engineer Office: 443.542.4152 Cell: 301.741.2720 [email protected]<mailto:[email protected]> http://www.merkleinc.com Optimizing Customer Behavior to Improve Financial Results "There are 3 ways to do Network Security: The right way, the wrong way,and the faster way to get in trouble." • please consider the environment before printing this e-mail -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Daniel Sichel Sent: Monday, October 25, 2010 1:45 PM To: [email protected]<mailto:[email protected]> Subject: So long and thanks for all the fish Well after five years of struggling to make Clean Access work in our Active Directory environment I walked in this morning and nobody could log in. The Single sign on service had quit and would not restart, not even after a reboot. That did it for me. I uninstalled it from all my switches and have turned the servers OFF. Forever. Just too buggy. Done. Finito. I would like to thank all the people on this list for their help over the years and wish you all luck with this system. I sure didn't have any. Dan Sichel Ponderosa Telephone -- Bruce Hodge Team Leader Networks and Communications Group IT Services The University of Newcastle, Australia Phone: +61 2 492 15563 Fax: +61 2 492 16910 Email: [email protected]<mailto:[email protected]> Mobile: 0408 610 293 IT Support: +61 2 492 17000 [cid:[email protected]] http://www.newcastle.edu.au/unit/it CRICOS Provider Number: 00109J
<<inline: image004.gif>>
<<inline: image001.jpg>>
