I am a huge fan of Cisco ISE and Trustsec. I have done a few live implementations as well as at home (anyone should run Trustsec at home! 
). There will probably be a lot of ISE-related posts here in the near future.
Here I just want to reflect on how well the built-in profiler works in ISE (1.04). I have run the profiler for a few days now and have automatically gathered a complete list of devices in my home network. From here I can build my 802.1x authorization policies to give granular access to devices of a specific type, rather on plain user-based 802.1x.
For example: All NintendoWII-devices will automatically get Internet-only access. The HP-Device can be automatically moved to the Printer-Vlan (which does only have access to elsewhere on the jetdirect-ports) and the Microsoft Workstations should only get access to the core network if they are successfully authenticated via EAP-TLS. The sky is the limit…
