Cisco ISE and Cisco Secure ACS Parity
Cisco ISE introduces the following features to achieve parity with Cisco Secure ACS.
-
Disable user account if the configured date exceeds a specific period for individual users
-
Disable user account if the configured date exceeds a specific period for all the users globally
-
Disable user accounts after n days of configuration globally
-
Disable user accounts after n days of inactivity
-
Support for IP address range in all the octets for the network device
-
Configuration of network device with IPv4 or IPv6 address
-
Configuration of external proxy servers with IPv4 or IPv6 address
-
Support for maximum length of Network Device Group (NDG) name
-
Support for time and date conditions
-
Support for service selection rules, authentication rules, and authorization (standard and exception) rules with compound conditions having AND and OR operators
-
MAR configuration in Active Directory
-
Dial-in attribute support
-
Enable password change for LDAP
-
Configuration of primary and backup LDAP server for each PSN
-
Configuration of RADIUS ports
-
Authorization profile configured with dynamic attribute
-
Two new values for the service-type RADIUS attribute
-
Increased internal user support for 300,000 users
-
Internal users authorization cache
-
Authenticate internal users against external identity store password
-
Dictionary check for passwords of admin user and internal user
-
Crytobinding TLV attribute support for allowed protocols
-
Use of length included flag while performing EAP-TLS authentication against a Terminal Wireless Local Area Network Unit (TWLU) client
-
Common Name and Distinguished Name support for Group Name attribute for LDAP Identity Store