Difference between ACS and ISE

Unanswered Question
Jan 23rd, 2012

What is the big difference between the ACS and the ISE? We just purchased an ACS server to start locking down ports on our switches and use the Radius functions to better secure our wireless environment. It has been ordered but not yet arrived. I had a discussion with management today about preventing the IPads / IPhones / Smartphones / etc. of the world from accessing the network. If the user knows the credentials for getting their laptop onto the network then they can use these same credentials to get their IPad on the network. How do we detect and prevent is the current question.

In discussing with others the ISE comes up. The questions now become what is the big difference between this and the ACS. Do they work together or independently since they both seem to have "radius on steroids". Can I configure the ACS to do the same functions? I figure this will have to be something on a MAC address level anyway. Oh and one other thing. My wireless infrastructure is not Cisco.

Off to continue the research path ....

Brent

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 4.7 (3 ratings)
blakekrone Mon, 01/23/2012 - 08:13

To put it simply I usually say ACS = RADIUS, ISE = NAC.

ISE will do RADIUS functions as well as NAC functions. Eventually you'll probably see ACS go away and be simply replaced by ISE.

ISE will do posturizing and profiling of a device to see if it truly meets requirements to be on a certain VLAN. For your example if you were to my credentials on my own smart device I would have access. ISE could profile this device to see if it truly is a corporate owned device or not. If it wasn't ISE can switch the network that the device connects to, say a guest network.

ISE can also do captive web portals for wired/wireless guest access.

I wouldn't rely on any type of MAC address authentication as I can easily spoof that.

Vinay Sharma Mon, 01/23/2012 - 08:34

You can check this

https://supportforums.cisco.com/docs/DOC-18121

https://supportforums.cisco.com/community/netpro/wireless-mobility/security-network-management/blog/2011/07/25/video-integration-of-cisco-identity-services-engine-ise-and-wireless-lan-controller-wlc

Thanks,

Vinay Sharma

Sent from Cisco Technical Support iPhone App

Actions

Login or Register to take actions

This Discussion

Posted January 23, 2012 at 8:07 AM
Stats:
Replies:4 Avg. Rating:4.66667
Views:6672 Votes:0
Shares:0
Tags: acs, features, ise
+

Related Content

Discussions Leaderboard