Cisco References — NAC, ISE, TrustSec & Network Segmentation
This section lists key Cisco documentation related to NAC, ISE, TrustSec, and network segmentation. These resources provide authoritative guidance on architecture, deployment models, access methods, and operational considerations that impact latency, enforcement timing, and reliability.
Cisco ISE & NAC Architecture
Cisco Identity Services Engine (ISE) Product Overview: Official overview of Cisco ISE capabilities and use in zero trust NAC. https://www.cisco.com/c/en/us/products/security/identity-services-engine/ise-ds.html
Cisco Identity Services Engine (ISE) Support & Configuration Guides: Collection of installation, admin, and deployment guides for Cisco ISE. https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-installation-and-configuration-guides-list.html
Cisco ISE Performance and Scalability Guide: Sizing, scaling, and performance recommendations for ISE deployments. https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html
Cisco ISE Installation Guide, Release 3.x: Architecture, node types, and deployment models for distributed ISE. https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/install_guide/b_ise_InstallationGuide31.html
802.1X, MAB & Fallback Behavior
These references cover authentication methods and fallback mechanisms whose behavior can be influenced by NAC latency and enforcement logic.
Configuring IEEE 802.1X Port-Based Authentication (Catalyst Switch Guide): Official configuration and behavior explanation for 802.1X and fallback logic. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9600/software/release/17-18/configuration_guide/sec/b_1718_sec_9600_cg/configuring_ieee_802_1x_port_based_authentication.pdf
Cisco MAC Authentication Bypass (MAB) Support Content: High-level description of MAB functionality on Cisco devices. https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-2mt/sec-config-mab.html
MAC Authentication Bypass Deployment Guide (Legacy): Design considerations and operational context for MAB. https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/MAB/MAB_Dep_Guide.html
TrustSec & Network Segmentation
Documents and guides related to Cisco TrustSec and tagging-based segmentation.
Cisco TrustSec Configuration Guide (Catalyst 9600): Includes endpoint admission control and authentication ordering (802.1X, MAB, WebAuth). https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9600/software/release/17-18/configuration_guide/cts/b_1718_cts_9600_cg/configuring_endpoint_admission_control.html
(Note: Cisco TrustSec design and deployment materials are also available on the Cisco official site; select product pages with current versions are accessible via the Cisco Support portal.)
Operational Impact & Troubleshooting
These resources relate to performance, timeout behavior, and troubleshooting NAC-related issues, including latency-driven operational failure modes.
Cisco ISE Performance, Scalability & Best Practices Session (Cisco Live): Insights on scaling ISE profiling, 802.1X, and MAB in operational environments. https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2024/pdf/BRKSEC-2091.pdf
(Note: Official Cisco troubleshooting guides on RADIUS timeouts and retransmission best practices are accessible through Cisco Support search but do not always have fixed permanent URLs. Users should search “ISE RADIUS timeout best practices” within Cisco Support for current content.)
Architectural Note
Cisco documentation typically assumes:
Low inter-node latency
Predictable identity store response times
Deterministic enforcement behavior
In real-world environments where these assumptions are challenged by latency and control-plane complexity, you must:
Derate scale guidance
Treat fallback and fail-open behavior as security-critical
Evaluate NAC enforcement as a security-time control
Vendor reference architectures describe supported behavior, not infallible security under latency.