Cisco has three different products for similar purposes but with some differences: NAC, ACS and ISE.
NAC – Network Access Control
Features: AAA, evaluation and remediation for endpoints
Cisco NAC provides Network Access Control for devices connecting to the network through 802.1X. It can put devices into quarantine.
There are two additional modules: NAC Guest Server, which provides clientless web authentication for guests, and NAC Profiles, currently EOL.
- Cisco NAC Server (stand alone appliance)
- Cisco NAC Manager – To manage the servers
- Cisco NAC Agent – For the endpoints. Supports Windows and Mac OS
ACS – Secure Access Control System
Features: NAC / AAA for endpoints and TACACS+ for network device access control
It can run on SNS servers or as a VMware application.
ISE – Identity Services Engine
Features: NAC / AAA for endpoints, guest access, device profiler, TrustSec role-based classification, BYOD features, endpoint posture and auto-remediation, MACsec (L2 encryption)
Note: It doesn’t provide TACACS+ service for network device access control (it’s not a replacement for ACS for that feature)
It can run on SNS servers or as a VMware application.
There are three different kinds of roles, which can be distributed across different application instances or run in the same instance, depending on the deployment model.
- PAN – Policy Administration Node
- PSN – Policy Service Node
- MNT – Monitoring and Troubleshooting Node
Deployment methods (not updated)
- Base: permanent and included in the application. Includes basic RADIUS AAA, MAC auth, web auth and guest portal.
- Advanced: subscription. Provides profiling, posture (endpoint compliance and remediation), BYOD and security group access
- Wireless: All the services provided by the Advanced license, but only for wireless devices
- Wireless upgrade: Upgrade of the wireless license to cover wired devices as well.
Secure Network Servers (SNS)
Hardware servers provided by Cisco to run any of the secure applications:
- Cisco Secure Network Server 3415 (Small) – 5000 endpoints – Supports ISE, ACS and NAC
- Cisco Secure Network Server 3495 (Large) – 20.000 endpoints – Supports ISE and NAC