http://www.cisco.com/en/US/docs/security/ise/1.1/compatibility/ise_sdt.html
From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of John Schaeffer Sent: Thursday, April 05, 2012 9:47 AM To: [email protected] Subject: Re: NAC -> ISE We heard that ISE won't work with the 2950's or 2960's on the edge. Is that true? On Thu, Apr 5, 2012 at 8:34 AM, Kelly Slone <[email protected]<mailto:[email protected]>> wrote: We have been looking at ISE for several months now with mixed results. We kept being promised several things would be fixed in the 1.1 release and now that we have it up and running this has changed to either that is "expected in 1.2" or even worse 2.0. We've been able to set up a functioning guest portal, perform 802.1x auths and place users in a particular vlan based on AD group membership. All of this seems to work fairly well. I'm disappointed with the posture portion of the product at this point. With nac, when a user is in a quarantined role you can easily limit their access to only allow access to software vendor patches and av vendor patches/updates for products you approve based on url filtering. This option is not available in ISE. ISE requires you to move the user to a particular vlan, and use an upstream firewall that supports url filtering. I'm not really convinced the product is ready to be a nac replacement yet. Thank you, Kelly Slone, B.S., MCP Telecom Specialist II Marshall University Computing Services Drinko Library DL420 Office: 304-696-6109<tel:304-696-6109> Helpdesk: 304-696-3200<tel:304-696-3200> [email protected]<mailto:[email protected]> -- [https://www.conncoll.edu/news/graphics/images/EmailSig.jpg] John Schaeffer | Connecticut College Systems/Network Admin | 270 Mohegan Ave. [email protected]<mailto:[email protected]> | New London, Ct (860)222-0859 | 06320
