FreeRADIUS vs Cisco® ISE

Many IT admins and DevOps engineers considering how to manage their access to networking infrastructure will compare FreeRADIUS vs Cisco® ISE. While both solutions are technically RADIUS servers, each making use of the RADIUS protocol to connect user identities to networking infrastructure, they also serve very different purposes. 

This blog will help to illuminate the differences between FreeRADIUS and Cisco ISE while providing the basis for if the comparison is an apt one or not. 

Cisco ISE

In short, Cisco’s highly expensive Identity Services Engine (ISE) is effectively more of a policy engine that decides who should access the network through a variety of data points, and then executing on those through tight integration with Cisco networking gear. A portion of that process involves the on-board RADIUS server to pass authentications from systems and devices to a directory service.

Once users are on a Cisco ISE-controlled network, the biggest benefit to IT admins is network visibility. At a moment’s notice, an IT admin or DevOps engineer can see who is connected to the network, what sort of device they’re using (personal or work-issued), where they’re located, if the connection is wired or wireless, the types of applications that they are using and much more. All of this info is presented in a graphical user interface so admins just point and click to find out what is happening on their networks. 

The major drawback to Cisco ISE has to do with price. Aside from cost, when you utilize the Cisco ISE platform you’re going to need to utilize a range of Cisco-based products, which could ultimately lead to vendor tie-in.  

FreeRADIUS 

On the other hand, FreeRADIUS is an open source solution that is perhaps the most robust RADIUS server on the planet. Available for free, the solution only requires your time and technical expertise to implement. The focus of FreeRADIUS is not to decide access as a policy engine, but rather it is able to take inputs from other solutions, mainly an identity provider (IdP), to execute on access control. 

FreeRADIUS will not provide (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: https://jumpcloud.com/blog/freeradius-vs-cisco-ise/