Difference between ACS and ISE

Unanswered Question
Jan 23rd, 2012

What is the big difference between the ACS and the ISE? We just purchased an ACS server to start locking down ports on our switches and use the Radius functions to better secure our wireless environment. It has been ordered but not yet arrived. I had a discussion with management today about preventing the IPads / IPhones / Smartphones / etc. of the world from accessing the network. If the user knows the credentials for getting their laptop onto the network then they can use these same credentials to get their IPad on the network. How do we detect and prevent is the current question.

In discussing with others the ISE comes up. The questions now become what is the big difference between this and the ACS. Do they work together or independently since they both seem to have "radius on steroids". Can I configure the ACS to do the same functions? I figure this will have to be something on a MAC address level anyway. Oh and one other thing. My wireless infrastructure is not Cisco.

Off to continue the research path ....

Brent

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
blakekrone Mon, 01/23/2012 - 08:13

To put it simply I usually say ACS = RADIUS, ISE = NAC.

ISE will do RADIUS functions as well as NAC functions. Eventually you'll probably see ACS go away and be simply replaced by ISE.

ISE will do posturizing and profiling of a device to see if it truly meets requirements to be on a certain VLAN. For your example if you were to my credentials on my own smart device I would have access. ISE could profile this device to see if it truly is a corporate owned device or not. If it wasn't ISE can switch the network that the device connects to, say a guest network.

ISE can also do captive web portals for wired/wireless guest access.

I wouldn't rely on any type of MAC address authentication as I can easily spoof that.

Vinay Sharma Mon, 01/23/2012 - 08:34

You can check this

https://supportforums.cisco.com/docs/DOC-18121

https://supportforums.cisco.com/community/netpro/wireless-mobility/security-network-management/blog/2011/07/25/video-integration-of-cisco-identity-services-engine-ise-and-wireless-lan-controller-wlc

Thanks,

Vinay Sharma

Sent from Cisco Technical Support iPhone App

Actions

Login or Register to take actions

This Discussion

Posted January 23, 2012 at 8:07 AM
Stats:
Replies:4 Overall Rating:4.66667
Views:10232 Votes:0
Shares:0
Tags: acs, features, ise
+

Related Content

 

Discussions Leaderboard

Rank Username Points
1
Scott Fella
3,345
2
Stephen Rodriguez
1,515
3
George Stefanick
1,322
4
Leo Laohoo
800
5
Manannalage ras...
671
Rank Username Points
George Stefanick
38
Manannalage ras...
25
V B
23
Scott Fella
20
Freerk Terpstra
18

Trending Topics - Security & Network