Cisco Identity Services Engine – Network Access Control (NAC)

Cisco Identity Services Engine is a network access control and policy platform that helps organisations authenticate users and endpoints and manage access across enterprise networks. It applies identity and device context to enforce access policies across wired, wireless and VPN environments, supporting clearer visibility and tighter segmentation.

SKU Cisco-Identity-Services-Engine Categories , Brand:

Cisco ISE Overview

Controlling network access now depends on verifying users, devices and endpoint state at every entry point before trust is granted.

Network Access Control for Cisco Environments

Cisco Identity Services Engine is a network access control and policy platform for wired, wireless and VPN environments. It authenticates users and endpoints, then applies access rules based on identity and context across enterprise network domains.

Policy Enforcement at the Point of Access

In production, Cisco Identity Services Engine works where access begins. It uses RADIUS, TACACS+, 802.1X and MAB to control who connects, while posture services help restrict devices that do not meet policy. In campus and branch networks, endpoint profiling turns unknown devices into known assets before permissions are assigned.

Visibility, Segmentation and Controlled Access

The result is clearer visibility into who and what is on the network, with stronger control over guest, contractor and BYOD access. It also supplies identity groups and policy context for Cisco SD-Access segmentation, and supports compliance-based containment when devices need to be limited or quarantined.

If you are evaluating Cisco Identity Services Engine, our team can help you assess fit for access control, segmentation and endpoint policy in your environment.

Cisco ISE Key Features​

Cisco Identity Services Engine is a network access control and policy platform for enterprise networks that verifies users and endpoints, applies identity-aware access rules, and supports segmentation across wired, wireless, VPN, and other domains.

Control Network Access by Identity

802.1X, MAB, and RADIUS Enforcement
The platform uses RADIUS, TACACS+, 802.1X, MAB, and posture services to authenticate users and devices before granting access across wired, wireless, and VPN entry points.

Endpoint Posture Evaluation
It checks device context and posture so security teams can restrict risky endpoints from sensitive network segments and apply compliance-based access decisions.

Device Profiling and Visibility
Cisco Identity Services Engine helps identify unknown endpoints, IoT devices, and unmanaged systems so network teams can assign permissions based on observed device identity.

Guest and Contractor Access Control
The platform supports temporary access workflows for visitors and partners while preserving internal network controls through policy-based authentication and authorization.

Segment Networks With Policy Context

Identity-Driven Segmentation
Cisco Identity Services Engine provides identity groups and policy context for Cisco SD-Access segmentation so teams can enforce access rules without manually managing VLANs everywhere.

TrustSec and pxGrid Integration
It integrates with TrustSec and pxGrid to share identity and policy information across Cisco security and networking tools for coordinated enforcement.

Directory and Endpoint Platform Integration
The platform integrates with Active Directory, LDAP, and MDM or UEM systems so access decisions can reflect user identity and managed device context.

Speak to a Cisco Security Specialist

If you need consistent network access control, device visibility, or identity-based segmentation, our Cisco experts can help map Cisco Identity Services Engine to your wired, wireless, VPN, and zero-trust requirements.

Cisco ISE Use Cases

Network Access Control

Used at wired, wireless and VPN entry points, Cisco Identity Services Engine authenticates users and endpoints with 802.1X, MAB, RADIUS and TACACS+, then applies identity- and context-based access policies so each connection is admitted, limited or blocked according to the organisation’s rules.

Device Profiling and Visibility

Applied in campus and branch networks, Cisco Identity Services Engine uses network telemetry and profiling services to identify connected endpoints, classify unknown devices and feed that context into access policy decisions, giving IT clearer visibility before permission is granted.

Guest and Contractor Access

For temporary users, Cisco Identity Services Engine provides sponsor-led guest portals and controlled onboarding workflows, allowing contractors and visitors to get short-term network access with separate policies instead of standard employee credentials or broad internal access.

BYOD Policy Enforcement

For personal device onboarding, Cisco Identity Services Engine combines identity checks, certificates, posture assessment and policy enforcement to register BYOD devices safely and keep them segmented from managed corporate endpoints across wired, wireless and VPN access.

Software-Defined Access Segmentation

In Cisco SD-Access environments, Cisco Identity Services Engine supplies identity groups, TrustSec policy context and segmentation data to Cisco Catalyst Center, enabling identity-driven fabric access control and zero-trust segmentation across the network.

Compliance-Based Endpoint Access

Where access depends on endpoint state, Cisco Identity Services Engine runs posture services and compliance rules to verify device health before granting connectivity, and can restrict, quarantine or remediate devices that fail policy requirements.

Supported Cisco ISE Environments & Integrations

Wired, Wireless & VPN Access Environments

Cisco Identity Services Engine authenticates users and endpoints with RADIUS, TACACS+, 802.1X and MAB across wired, wireless and VPN entry points.

Posture and Compliance Enforcement

Supports posture services and policy rules to assess endpoint state and restrict or quarantine devices that do not meet requirements.

Device Profiling & Network Telemetry

Uses network telemetry to profile unknown endpoints in campus and branch networks before access policies are applied.

Guest, Contractor & BYOD Access Workflows

Provides sponsor, portal and certificate-based onboarding workflows for temporary users and personal devices without exposing employee access.

Cisco SD-Access, TrustSec & Catalyst Center

Integrates with Cisco SD-Access, TrustSec and Catalyst Center to supply identity groups and policy context for fabric segmentation.

Directory, MDM/UEM & Cisco Security Ecosystem

Connects with Active Directory, LDAP, MDM/UEM platforms, pxGrid and Cisco security tools to align identity-driven policy across the Cisco ecosystem.

Cisco ISE Licensing Options

Essentials

Cisco Identity Services Engine Essentials provides the base licensing for AAA, 802.1X and MAB, alongside guest access, basic profiling, posture, BYOD, MyDevices and TrustSec policy enforcement.

Advantage

Cisco Identity Services Engine Advantage adds full endpoint analytics, full posture compliance, TrustSec policy authoring and threat-centric NAC for SDA, segmentation and richer policy-driven access control.

Premier

Cisco Identity Services Engine Premier includes TACACS+ device administration, together with certificate provisioning at scale and full SDA Day 2 operations where applicable.

Device Admin

Cisco Identity Services Engine Device Admin provides per-network-device licensing for TACACS+ administration when command authorisation and accounting are needed for a smaller set of managed devices.

Subscription and VM Licensing

Cisco Identity Services Engine is licensed per active endpoint connected concurrently on any given day, sold as 1-, 3- or 5-year subscriptions and deployed on physical appliances or virtual nodes.

Enterprise Agreement Alignment

Cisco Identity Services Engine supports Cisco Smart Licensing through Smart Account or Virtual Account, and endpoint counts may be pooled under Cisco Security EA 3.0 with True Forward.

Cisco ISE Implementation and Support

Solution Design & Planning

We help assess Cisco Identity Services Engine requirements for wired, wireless and VPN access, so your organisation can define clear policies for users, devices, guests and contractors before deployment begins.

Deployment & Configuration

Our team can assist with Cisco Identity Services Engine installation, initial configuration and policy setup, including access rules, onboarding flows and endpoint checks aligned to your operating model.

Integration with Existing Environments

We support integration of Cisco Identity Services Engine with Active Directory, MDM or UEM platforms, pxGrid, Cisco Catalyst Center and Cisco SD-Access to align identity controls with your existing network and security environment.

User Adoption & Operational Readiness

We can help prepare network and security administrators to manage Cisco Identity Services Engine day to day, with handover, operational process alignment and guidance for guest, BYOD and access approval workflows.

Ongoing Support & Lifecycle Management

We support Cisco Identity Services Engine with ongoing technical assistance, environment reviews, licence alignment, renewal planning and lifecycle guidance so your deployment remains manageable over time.

Commercial Optimisation & Support for Cisco ISE

Subscription & Licence Reviews

We help review Cisco Identity Services Engine subscriptions against peak active endpoint usage and the capabilities needed for wired, wireless, VPN, guest, BYOD, profiling and posture-based access, so the tier mix stays aligned to day-to-day demand.

Enterprise Agreement Alignment

Where relevant, we can assess Cisco Smart Licensing and Security EA 3.0 alignment across ISE and adjacent Cisco security investments, helping you keep endpoint counts, renewal visibility and portfolio planning coordinated within a wider Cisco estate.

Commercial Optimisation

Our team can assess whether Essentials, Advantage, Premier or Device Admin coverage best matches your access control priorities, including TACACS+ administration, SDA, TrustSec, posture and MDM requirements, so commercial spend reflects the level of control you need.

Renewal Planning & Lifecycle Management

We support proactive renewal planning by reviewing changing endpoint volumes, virtual node requirements, mixed physical and virtual estates, and co-term dates, helping you maintain a clear view of future ISE requirements as the environment evolves.

Adoption & Value Realisation

Successful network access control depends on steady adoption and ongoing optimisation, and we help customers maximise value from Cisco Identity Services Engine through usage review, policy alignment and lifecycle guidance that keeps the service relevant as needs change.

Related solutions for Cisco ISE

The software and technologies listed here support different requirements and are often used together as part of a wider IT stack.

As an official partner to vendors including Cisco, Juniper, HPE and Fortinet, we can help confirm which software or combination provides the capabilities your team needs, while avoiding under- or over-licensing.

Not sure which software or licensing tier you need?

Speak to our team for help matching the right solution and licence level to your requirements.

Need a clearer view of your software costs?

We can review your current setup, licensing and renewal cycle to check whether your software is still doing what you need, where costs can be reduced, and where administration can be simplified.