Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
5
Helpful
2
Replies

Cisco ISE Deployment

OBINNA EMESORONYE
Level 1
Level 1

‎02-13-2018 09:16 AM - edited ‎02-21-2020 10:45 AM

Dear All, I have a a question regarding ISE deployment.

 

Is it possible to have in the same network the following features all enabled;

1.RADIUS AAA, including 802.1x, MAC Authentication Bypass Done

2.    Web authentication (local, central, device registration)

3.    MACsec

4.    SSO

5.    Guest portal and sponsor services

6.    Representational state transfer (monitoring) APIs

7.    External RESTful services (CRUD)-capable APIs

8.    Security group tagging
9.    PassiveID (Cisco Subscribers)

10.    Passive ID (Non-Cisco Subscribers)

11.    Profiling

12.    Profiler feed service

13.    Device registration (My Devices portal) and provisioning for Bring Your Own Device (BYOD)

14.    Context sharing pxGrid

15.    Endpoint Protection Services

16.    TrustSec – ACI Integration

17.    Rapid Threat Containment (RTC) (using ANC and pxGrid)

18.    Posture (endpoint compliance and remediation)

19.    Enterprise Mobility Management and Mobile Device  Management (EMM and MDM) integration

20.    Threat Centric NAC  

21.    Wired access control

22.    Device Administration (TACACS+) 

 

Or are some of these feature mutually exclusive?

 

Thanks.

Labels:
0 Helpful
2 Replies 2

Mohammed al Baqari
Level 11
Level 11

‎02-13-2018 09:42 AM

All these features are supported in ISE as you know. The question do you
need all of them at the same time.

For example due you need PxGrid while you are using REST APIs. Similarly,
do you need ACI while you are using REST API or vice versa.

Also, keep in mind that the more services you put in the node, the bigger
the size and higher the risk of bugs. If you need all of them, then you
need to start thinking about building nodes with specific roles which is
cisco best practice in large deployments.

OBINNA EMESORONYE
Level 1
Level 1
In response to Mohammed al Baqari

‎02-13-2018 09:56 AM

Thanks for your prompt response Mohammed and for bringing to mine best practice of having a multi-node setup which makes a lot of sense.

I am particularly interested in the combination of MACSec, SGT and Posture assessment for the same users. Are they all possible for the same user or mutually exclusive?

 

Regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents