Clean Access and ISE both provide NAC
services. What exactly is the is the difference between Cisco Clean
Access and Cisco Identity Services Engine?
Clean Access provides end-point authentication and compliance. It
uses essentially SNMP for the authentication and the authorization
phase. It uses flexible agent rules for compliance, which make up part
of the NAC support in the product.
Clean Access uses server enforcement points on the network to segment
the traffic between trusted and untrusted zones. Depending on which
architectural method is chosen, the user essentially authenticates thru
the Clean Access Servers and is placed on the trusted part of the
network. Compliance (NAC) rules are checked from the host against the
server to ensure the client is meeting the compliance requirements.
ISE uses 802.1x for end-point authentication. The enforcement points
are (traditionally) layer-2 switches, but can be any device that
supports the Radius Change of Authorization attribute. There is no
enforcement server that sits on the network. The network itself is the
enforcement point.
The end-point compliance (NAC) on ISE works almost exactly like Clean
Access. The end-point thru an agent contacts the ISE server to check
against compliance rules and ensure the end-point meets the requirements
to be on the network.
You
might also like these recent post -
Cisco Identity Services Engine - Now your network know "who you are" - Read This
Wireless Redefined with new 802.11ac - Read This
Aruba Virtual Branch Network (VBN) explained - Read This
OpenFlow/
Software Designed Networking - What & What Not - Read This
Voice
over IP (VoIP) is for war zones - Read This
Found it useful, Consider
sharing it with your friends -