Walking on thin ISE - 802.1x and so much more
Updated November 09, 2020

Walking on thin ISE - 802.1x and so much more

Simon Watkins | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Cisco Identity Services Engine (ISE)

For many years, there has been a lack of focus on the security of the corporate Local Area Network. Typically as a user you could connect any devices onto a network via any free patch points, get an IP address and then potentially access network resources. With compliance and security in mind, this is now not considered an acceptable position and a consistent security posture need to be applied to any device connecting to any portion of the network whether it be wired or wireless.
  • Dot1x NAC
  • Profiling
  • Posturing - there are many other MDM solutions in the marketplace
  • Policy creation and libraries can be difficult to navigate
  • Adds another layer of security on the LAN and wireless networks
  • Ability to effectively manage Cisco network devices with the assurance that all actions are logged
These are two completely different products however there is some cross-over in terms of tracking endpoints on the network. These products would complement each other in as much as the Cisco Prime would be used to manage the network (and use ISE credentials to access network devices for example) and the Cisco ISE would ensure that only authorized users would have access to the network. Security is all about providing layers of defense on the network and it not about deploying single-point solutions and hoping that these can be relied on for sufficient security.
Cisco support is second to none, both in terms of how you access support but also the knowledge of the individual support teams. If you focus on one technology and provide "manufacturer support" then you can rest assured that you are accessing Cisco's top individuals.

I feel like this is a USP for Cisco support.

Do you think Cisco Identity Services Engine (ISE) delivers good value for the price?

Yes

Are you happy with Cisco Identity Services Engine (ISE)'s feature set?

Yes

Did Cisco Identity Services Engine (ISE) live up to sales and marketing promises?

Yes

Did implementation of Cisco Identity Services Engine (ISE) go as expected?

Yes

Would you buy Cisco Identity Services Engine (ISE) again?

Yes

We deploy Cisco Identity Service Engine (ISE) to provide the following types of services:
  • Network device administration - provide AAA services (Authentication, Authorization & Accounting) for any IT users who need to access Cisco routers, switches and firewalls
  • 802.1x - Network Access Control for any users accessing the network as a wired, wireless or VPN client
  • Profiling services - used to profile new devices on the network and is particularly useful for devices that do not support 802.1x (e.g. some IP phones)
  • A whole host of other functionality is available with particular use cases
I do think that Cisco ISE may not be appropriate for really small networks, due to the purchase costs and complication of management.