In an ongoing effort to maintain a secure campus infrastructure, WOU had planned to upgrade our Cisco NAC (network access control) to ISE (Identity Services Engine).
I am sad to report that this upgrade will not be in place for Fall Term.
During the implementation (in a test environment), we ran into numerous large bugs that prevented us from properly configuring ISE to require end-points (laptops, etc…) to authenticate (log in) and posture (client scan for updates, AV, etc…).
In reality, ISE is not a direct cut-over from NAC. Authentication is handled much differently, and I believe that ISE is tuned for an 802.1x environment. Though our experience with 802.1x was limited, we tried to implement it after our 3rd ISE design change. It was not a pleasant experience. Again, in another environment (VPN, corporate, …) it surely works well and cleanly – but not here.
We will continue to run NAC. We have tidied it up a bit and will continue to monitor the much-needed improvements to ISE 1.2.x, expected in late January.