Re: Juniper UAC vs.. Cisco ISE

RadiusAttributes · ‎01-15-2013

Hi ;

I have finished a few juniper nac projects , but now a days i deal with cisco ise and

cisco looks smarter .Also juniper don't improve nac , for example there's no profiling for mac auth devices ,

or any interface for byod. yes....you can do it with but need lot's of configuration steps.

what do you think about juniper and cisco ise

Thanks

Christian_ · ‎01-15-2013

Hello,

same tests from our side, because we are fed up of features annouced by Juniper "in the next release" but never available. We think ISE is smarter too. We are a Juniper customer since several years but products are no more "sexy"...

vclement_ · ‎01-28-2013

Hi,

For the "BYOD" or "mac-auth" table needs, Juniper is now in partnership with GreatBay Software, which product is dedicated to this need (scan and profiles all mac-adresses on network, and create an LDAP directory matching MAC/Profiles to be reached by UAC).

This solution is now available for installation on SM-MAG modules (a little bit expensive maybe, but it does the job.)

I actually use a lot Juniper UAC, have you more examples of what is better on Cisco/missing on Juniper?

jspanitz_ · ‎02-01-2013

If Juniper were smart they would QUICKLY acquire Forescout and their CounterACT product. We've used Cisco and demod Juniper and all I can say is buying CounterACT was the best move we made. Please buy them Juniper

vclement_ · ‎02-01-2013

As I said, Juniper just had a partnership with Great Bay Software, which seems to be the same kind of product than your CounterATC.

It works very well and is available on MAG SMs since a few weeks.

RadiusAttributes · ‎02-07-2013

Hi ;

the advantages of cisco and juniper

Cisco screens're smarter

Cisco has own reporting tool

Cisco has integrated profiling

juniper

more flex

advanced radius function

srx integration

RadiusAttributes · ‎03-21-2014

Hi ;

I wanna add some extra notes ,

Cisco ise does not support two or more AD for external Identidy source , you need to define

ldap for addtional ad support but ldap does not support peap protocol you need to use eat tls

Also Cisco could not use different certificate for every ID

Cisco ise does not support accounting you need define accounting on Radius Client devices.

Cisco support sxp protocol for auhentication information exchange this protocol will be IEE standart protocol so

cisco switches and firewall support this feature now

Cisco has huge documentation and golden labs , that's great for network admins.

Also Cisco prime network management gets extra visibility about network

Base license is too cheap ,you can do most of feautere with base license .And you

can buy enough advanced license that you need. But advanced license has time range 3 or 5 years options

Juniper supports reporting in new release

Juniper supports accounting

Juniper use if-map instead of sxp , i think sxp more powerfull than if-map

Juniper still does not support onboard profiling solution ,they use beacon for profiling

The biggest missing part of juniper that you could not define policy about user and user profiling device same time.

for examle if user name x and device iphone assign y vlan.you can do it with cisco ise

There's no time time limitation for licensing but you could not use same device for AD(802.1x ) and Adncanved license on same box.Also profiling need extra license .

Both solution does not support TACACS protocol