cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2671
Views
0
Helpful
8
Replies

ISE and NAC Agent

jthullen
Level 1
Level 1

Hello, we currently run NAC for our wired (OOB), wireless (IB) and VPN (IB) enviroments. We are looking at migrating over to ISE for our wireless enviroment as a first step, with follow-up projects to move the VPN and wired clients over. I have been reading that ISE will still use the NAC agent. Our current NAC enviroment is at 4.7.2 and we are running the 4.7.2.10 agent. We do not want to upgrade this enviroment, we would rather focus on migrating to ISE. So our thought was to upgrade the clients to the latest NAC agent version 4.9.1.5. This agent is supported against the 4.7.2 NAC Manager. The problem is, I do not see this agent version listed as supported in the ISE compatibility matrix. Instead, they list a NAC agent of 4.9.0.37, which ironically, is NOT listed in the NAC compatiblity matrix. So what version of NAC agent should we run in a mixed enviroment? I am hoping 4.9.1.5 is supported against ISE, and the matrix is simply not updated yet. Thank you in advance for your help.

8 Replies 8

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

The nac agents will not work together, you will have to upgrade your environment to support the same agent version for both environments.

thanks,

Tarik Admani

Not sure I understand. The 4.9.1.5 NAC agent does run against our CAM, as we have tested that and it is listed in the support matrix. So if we upgrade our NAC applainces, we would still run that agent. Does that agent tun against ISE, and if not, what is Cisco's recommendation to bring ISE into the enviroment? We have to have a migration path, and wireless seemed like a logical first step. But we need a NAC agent that will work against Clean Access AND ISE as our laptops will be wireless and wired at different times. Which Agent would be recommended?

Hi,

I am following up on this for your, I am confirming to see if the ISE documentation needs to be updated or if it hasnt been officially tested. I completely understand why this is critical.

Thanks

Tarik Admani

Thank you Tarik, I really appreciate your help with this issue. Hopefully there is a client compatibile with both, I will keep my fingers crossed until I hear from you!.

are there any updates about this problem ?

I have not heard back from Tarik on this issue yet.

Hello everybody. Are there any updates about the agents compatibility issue between ISE and NAC manager ?

Sorry for the delay, but in agent release 4.9 is is supported:

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/49/49rn.html#wp1268309

However even the statements made seem to require some testing before rolling this out.

Thanks,

Tarik Admani
*Please rate helpful posts*

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: