cancel
Showing results for 
Search instead for 
Did you mean: 

Juniper UAC vs.. Cisco ISE

Highlighted
Contributor

Juniper UAC vs.. Cisco ISE

Hi ;

I have finished a few juniper nac projects  , but  now a days i deal with cisco ise and 

cisco looks smarter  .Also juniper don't improve nac   , for example there's no profiling for mac auth devices  , 

or any interface for byod.  yes....you can do it with but need lot's of configuration steps.

what do you think about juniper and cisco ise

Thanks

6 REPLIES 6
Highlighted
Occasional Contributor

Re: Juniper UAC vs.. Cisco ISE

Hello,

 

   same tests from our side, because we are fed up of features annouced by Juniper "in the next release" but never available. We think ISE is smarter too. We are a Juniper customer since several years but products are no more "sexy"...

Highlighted
Occasional Contributor

Re: Juniper UAC vs.. Cisco ISE

Hi,

 

For the "BYOD" or "mac-auth" table needs, Juniper is now in partnership with GreatBay Software, which product is dedicated to this need (scan and profiles all mac-adresses on network, and create an LDAP directory matching MAC/Profiles to be reached by UAC).

 

This solution is now available for installation on SM-MAG modules (a little bit expensive maybe, but it does the job.)

 

I actually use a lot Juniper UAC, have you more examples of what is better on Cisco/missing on Juniper?

Highlighted
Frequent Contributor

Re: Juniper UAC vs.. Cisco ISE

If Juniper were smart they would QUICKLY acquire Forescout and their CounterACT product.  We've used Cisco and demod Juniper and all I can say is buying CounterACT was the best move we made.  Please buy them Juniper Smiley Happy

Highlighted
Occasional Contributor

Re: Juniper UAC vs.. Cisco ISE

As I said, Juniper just had a partnership with Great Bay Software, which seems to be the same kind of product than your CounterATC.

It works very well and is available on MAG SMs since a few weeks.

Highlighted
Contributor

Re: Juniper UAC vs.. Cisco ISE

Hi ;

the advantages of cisco and juniper 

 

Cisco screens're smarter

Cisco has own reporting tool

Cisco has integrated profiling

 

juniper

more flex

advanced radius function

srx integration 

 

 

 

Highlighted
Contributor

Re: Juniper UAC vs.. Cisco ISE

Hi ;

I wanna add some extra notes  ,

 

Cisco ise does not support  two or more AD for external Identidy source , you need to define 

ldap for addtional ad support but ldap does not support peap protocol you need to use eat tls

Also Cisco could not use different certificate for every  ID

Cisco ise does not support accounting you need define accounting on Radius Client devices.

Cisco support sxp protocol for auhentication information exchange this protocol will be IEE standart protocol so 

cisco switches and firewall support this feature now

Cisco has huge documentation and golden labs , that's great for network admins.

Also Cisco prime network management gets extra visibility about network 

Base license is too cheap ,you can do most of feautere with base license  .And you 

can buy enough advanced license  that you need. But advanced license has time range 3 or 5 years options

 

Juniper supports reporting in new release 

Juniper supports accounting 

Juniper use if-map instead of sxp  , i think sxp more powerfull than if-map

Juniper still does not support onboard profiling solution ,they use beacon for profiling

The biggest missing part of juniper that you could not define  policy about user and user profiling device same time.

for examle if user name x and device iphone assign y vlan.you can do it with cisco ise

 There's no time time limitation for licensing but you could not use same device for AD(802.1x ) and Adncanved license on same box.Also profiling need extra license .

 

 

 

 Both solution does not support TACACS protocol