We are wanting to do per-user ACLs on our VPN, and it's looking like downloadable ACLs aren't going to scale well enough to really be usable. I haven't ever really used a NAC or anything like that, but ISE looks like it should work. Anyone know a good starting point? I think I can do this without any software on the device it self unlike a normal NAC though.
I haven't read it myself but this looks like where I'd start
http://www.ciscopress.com/store/ccnp-security-sisas-300-208-official-cert-guide-9781587144264
I'm getting sent on ISE training in March. Not sure whether to be happy or sad LOL
ISE does its thing with 802.1X. Forescout CounterACT does its thing with either 802.1X or straight CLI or SNMP commands. Both can do per-user ACLs, but it may scale better to use group ACLs. Talk about your requirements some more...
Sent from my SM-N900P using Tapatalk