We have been demoing ISE for a while now. The biggest challenge for us was to integrate with our LDAP backend without requiring supplicants to be installed on clients to support EAP-GTC. To overcome this we managed to setup ISE to authenticate against RADIUS instead (which is not exactly a straightforward process) and that allows us to use the standard EAP-MSCHAPv2/PEAP supplicant installed on Windows.
In Mac OS 10.7 (Lion) Apple changed the way you configure 802.1x settings. Now the user cannot configure anything. All configuration has to be done with Apple’s “iPhone configuration utility” and then the profile needs to be loaded on the client. As Bruce mentioned, the license cost is quite substantial. Cisco will tell you that your current NAC licenses will transfer over as “Advanced ISE Licenses” 1 for 1, however, that is only valid for 3 years, at which point you need to purchase new licenses. Additionally, any devices in your MAC filter list will also eat up licenses. Eric J. Kenny Network Analyst Marist College 3399 North Rd. Poughkeepsie, NY 12601 845.575.3820
