overview

What is ISE


Cisco Identity Service Engine (ISE) is a RADIUS server that provided centralized policy and management for users and devices wanting to connect to network and access resources.

RADIUS (Remote Access Dial-In User Service) is an AAA (Authentication, Authorization, and Accounting) Protocol that manages network access.

  • Authentication - Who are you? Verifying a user's or device’s identity.
  • Authorization - What are you allowed to do? Granting permission for specific actions or access based on the authenticated identity.
  • Accounting - What did you do? Tracking user or device activity on the network.

What ISE Does


  • Authentication - Validates users and devices before allowing access to the network.
  • Authorization - Applies access policies based on user identity, device type, location, etc.
  • Accounting - Tracks network activity and user sessions.
  • Profiling - Automatically identifies and classifies connected devices (IoT, BYOD, etc.).
  • Posture - Assessment Checks device compliance (e.g., antivirus status) before granting access.
  • Guest Access - Manages temporary, secure access for visitors.

Use Cases of ISE


  • Secure Wi-Fi and wired access
  • Manage corporate and personal devices (BYOD)
  • Enforce security posture policies (e.g., antivirus or OS patch compliance)
  • Provide guest access portals
  • Integrate with SIEM, firewalls, and threat detection tools

How It Works (Simplified Flow)


  1. A device connects to the network (wired, wireless, or VPN).
  2. Cisco ISE receives an access request via RADIUS (from a switch, WLC, etc.).
  3. ISE:
    • Authenticates the user/device (e.g., via Active Directory)
    • Profiles the device (e.g., OS, vendor)
    • Checks policy conditions (who, what, where, posture)
    • Authorizes access (e.g., VLAN assignment, ACLs)
    • Logs session info (accounting)
If the device fails checks, ISE can quarantine it, block it, or redirect it for remediation.

ISE Support and Compatibility


ISE Virtual appliances are supported on the following on-premise and cloud platforms: 

  • VMware ESXi 6.5, 6.7 and 7.x
  • KVM on Red Hat 7.x
  • Microsoft Hyper-V on Microsoft Windows Server 2012R2 and later
  • Nutanix AHV
  • VMware Cloud
  • Amazon Web Services
  • Azure Web Services

For ISE physical appliance details please refer to the Cisco Secure Network Server datasheet.

Where all ISE can be installed?

ISE Licensing Model


Licensing Model for ISE 3.X
BOM for ISE. Visit http://ise-bom.cisco.com
ISE BOM


BOM for ISE. Visit http://ise-bom.cisco.com

resources

Reference


Faqs


What are the data collection methods used by Cisco ISE for Device Profiling? 

Primary Collection Method

  • DHCP | DNS | HTTP | RADIUS | NMAP | SNMP | AD | Netflow

Device Sensor

  • CDP | LLDP | H323 | SIP | MDNS 

Cisco Secure Client 

  • AnyConnect Identity Extensions (ACIDex)

NOTE: ISE has 550 built-in device profiles.

Configuration


Report abuse