08-10-2012 07:31 PM
We are considering replacing our Cisco ACS TACACS environment that is used to authenticate our network admins into our Cisco devices. Does anyone have a side by side feature comparison of Cisco ACS 5.3 and ClearPass?
08-11-2012 08:57 AM
Full Multivendor support is the first key.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
08-13-2012 12:18 PM
Jon, one thing to remember is that ClearPass is an entire platform for identity management and BYOD, so there are many things that ACS simply does not do or will not do like be a Certificate Authority, support device profiling, endpoint health verification, automate device 802.1x configuration, etc, etc.
We use the same policy engine in ClearPass Policy Manager (CPPM) for AAA and TACACS+, so all of the benefits and flexibility of the rules engine extend beyond AAA.
Cisco has already shown that its identity/AAA/NAC future lies in the ISE product line, ACS is only around still because of the legacy install base and the lack of TACACS+ on ISE (even though its their protocol).
I would encourage you to request an evaluation of CPPM so you can see just what a powerful platform it is. And I think there in is the main point of comparision between ACS and CPPM: One is a legacy product propping up limitations in other product lines and one is a platform for providing mobility centric access control, BYOD, and guest access. If you think that your identity and access control needs are going to go beyond TACACS+ moving forward, then I think considering alternatives to ACS is a must.
Feel free to reach out if you want to get in touch with a local account team to help you wiht an evaluation