Discussion:
[c-nsp] OT: Radius -- ISE vs MS NPS
Scott Voll
2011-08-23 15:09:09 UTC
Permalink
Anyone have any comments pro or con for either ISE or NPS when it comes to
Radius service?

I will be using it for VPN users, Wireless Access, and infrastructure
access.

TIA

Scott
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Ian Henderson
2011-08-24 04:12:01 UTC
Permalink
Post by Scott Voll
Anyone have any comments pro or con for either ISE or NPS when it comes to
Radius service?
NPS is exceptionally easy to get running. It works well if all your authentication stores are in AD. By default, it can't authenticate via any other means. While ISE is a tad trickier to get running, it can do all sorts of things with an if-then-else structure and multiple authentication sources.

ISE does a lot more than just RADIUS - if thats all you're after, its quite a cost. For all the other things it does (posture assessment, profiling, guest access, centralised management and logging, etc) it looks pretty good. (Note its still cool-lab-toy status here, so we haven't really /used/ it yet).

Rgds,



- I.
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Loading...