[196175] in North American Network Operators' Group
RE: Cisco ISE
daemon@ATHENA.MIT.EDU (Mann, Jason)
Sat Oct 7 20:57:55 2017
X-Original-To: nanog@nanog.org
From: "Mann, Jason" <jamann@mt.gov>
To: "Rheams, Doug" <doug.rheams@franklintempleton.com>, "Christopher J. Wolff"
<cjwolff@nola.gov>
Date: Sat, 7 Oct 2017 14:20:53 +0000
In-Reply-To: <CO2PR05MB27257710B36F6AAB20377CB4E9710@CO2PR05MB2725.namprd05.prod.outlook.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Yes I would be curious as to what issues you are running into? We currently=
use ACS to do 802.1x authentication for all of our Wired/Wireless clients =
and will move that functionality over to ISE. We would also like to start d=
oing provisioning/nac and certificate authority on the ISE, as well as PXGr=
id into InfoBlox, NetScout, F5, APIC-EM, and Cisco Prime 3.1=0A=
=0A=
-----Original Message-----=0A=
From: Rheams, Doug [mailto:doug.rheams@franklintempleton.com] =0A=
Sent: Friday, October 6, 2017 3:01 PM=0A=
To: Christopher J. Wolff <cjwolff@nola.gov>; Mann, Jason <jamann@mt.gov>=0A=
Cc: nanog@nanog.org=0A=
Subject: RE: Cisco ISE=0A=
=0A=
We started at version 1.4 and we're up to 2.1 now but it's just for tacacs =
and certificate auth without any profiling or posturing. I agree it hasn't =
been the easiest product but it's working. What type of issues are you runn=
ing into? =0A=
=0A=
-----Original Message-----=0A=
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Christopher J. Wo=
lff=0A=
Sent: Friday, October 6, 2017 1:54 PM=0A=
To: Mann, Jason <jamann@mt.gov>=0A=
Cc: nanog@nanog.org=0A=
Subject: Re: Cisco ISE=0A=
=0A=
Proceed with extreme caution. You may want to have that end of life ACS de=
ployment bake for another six months. You will want to have the highest le=
vel of Cisco engineering engaged should you choose to go this direction.=0A=
=0A=
On Oct 6, 2017, at 3:48 PM, Mann, Jason <jamann@mt.gov<mailto:jamann@mt.gov=
>> wrote:=0A=
=0A=
As would I. We are going to start a project that is replacing ACS 5.7 with =
ISE 2.X=0A=
=0A=
-----Original Message-----=0A=
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Christopher J. Wo=
lff=0A=
Sent: Friday, October 6, 2017 2:41 PM=0A=
To: nanog@nanog.org<mailto:nanog@nanog.org>=0A=
Subject: Cisco ISE=0A=
=0A=
Is anyone successfully deploying ISE 2.X? I'm six months into it on about =
10,000 endpoints and it seems like it's a highly challenged product. I'd l=
ove to hear your experiences on or off-list. Thanks in advance.=0A=
Notice: All email and instant messages (including attachments) sent to or =
from Franklin Templeton Investments (FTI) personnel may be retained, monito=
red and/or reviewed by FTI and its agents, or authorized law enforcement pe=
rsonnel, without further notice or consent.=0A=
.=0A=
=0A=
