said by HELLFIRE:
You'd have to look up the NAC / Clean Access product page here for more info.
ise is the way to go.
its a central policy server that is tied into the switch, rather than with the bulky cam/cas architecture that can create some route/switch trickery requirements. also -- you'll need to work with a cisco advanced technology partner for ise (or at least you used to) as the part numbers are restricted for ordering. however -- its much nicer to work with from a central policy management perspective (and very straightforward from a user-policy perspective).
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."