cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1945
Views
0
Helpful
3
Replies

CISCO ISE 2.3 Extreme Switches

Richard Lucht
Level 1
Level 1

We have some Extreme switches in our environment and we use Tacacs to authenticate admin access to those switches.  We are phasing out the Tacacs and we are trying to replace the switches as fast as we can.  For the time being the tacacs will be gone before we can get the Extremes replaced.  We are using Cisco ISE to authenticate access into our Cisco and Juniper switches.  We would like to try using ISE to access Extreme switches.  I have on my lab desk that I am using our test ISE vm to set up access into the switch.  I am trying radius first then tacacs.  Has anyone tried this before and have they been successful?  Looking for some guidance.

1 Accepted Solution

Accepted Solutions

Craig Hyps
Level 10
Level 10

Yes, there are different teams that have tested Extreme.   Features and support depend on the switch capabilities.  Many of the Extreme switches do not support RADIUS CoA, so for flows that require CoA you must rely on SNMP CoA. Be aware of

CSCvd06733Need to support Extreme switch SNMP CoA with ISE

If RADIUS CoA is not an option and CoA is required, there is plan to address via a patch but would require TAC to obtain.

Craig

View solution in original post

3 Replies 3

Craig Hyps
Level 10
Level 10

Yes, there are different teams that have tested Extreme.   Features and support depend on the switch capabilities.  Many of the Extreme switches do not support RADIUS CoA, so for flows that require CoA you must rely on SNMP CoA. Be aware of

CSCvd06733Need to support Extreme switch SNMP CoA with ISE

If RADIUS CoA is not an option and CoA is required, there is plan to address via a patch but would require TAC to obtain.

Craig

I was able to configure a dictionary and result in Cisco ISE 2.1 and 2.3 and then create and authorization policy that gave me the results that I was looking for.  I was able to configure all the Extreme switches we have to use radius and authenticate with ISE.  thanks

Glad to hear.  Please feel free to share whether you tested flows that rely on CoA and method used.  You can also publish your NAD profile per instructions here: ISE Third-Party NAD Profiles and Configs

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: