cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

773
Views
1
Helpful
1
Replies
Cisco Employee

Interface templates and Service Templates in IBNS 2.0 on 2960-X?

I am looking for information on how service templates and interface templates can (or not?) be used as part an ISE policy and interdependences that may need to be considered.

The INSB2.0 I have been reading through is here:

https://www.cisco.com/c/en/us/products/ios-nx-os-software/identity-based-networking-services/white-paper-listing.html

and some IOS info here

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ibns/configuration/15-e/ibns-15-e-book/ibns-coa-supp.html

There is mention of using interface templates and that we can reference them as VSA in policy but not much more.

I am also keen to get clarity on the support of IBNS 2.0 for the 2960-X platform.

I see the 2960-X as supported for most of the features – accept COA – yet it is not on the platform support matrix

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-729965.html#_Toc404649500

but other less capable switches like the 2960-S are in the platform.

Any help would be much appreciated

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Interface templates and Service Templates in IBNS 2.0 on 2960-X?

Yes, 2960X does support IBNS 2.0. We don't have an updated list of 2K platforms that support this today, you may need to contact the switching team.

We can use Interface templates as part of ISE authorization to change specific configurations on the switch port. We have been talking about it for changes from access mode to trunk for the purpose of downstream Wireless Flex APs / Compact switches and also to apply QoS policies.

Also, the primary use case for interface-template is to contain lengthy port configurations within a container and then to source it under physical ports.

Service template are more useful locally on the switch to handle failure scenarios. ISE can authorize sessions with service-templates too, which is nothing but a set of authorization attributes (VLAN, ACL, SGT, etc) under a common profile name.


~Hari

1 REPLY 1
Highlighted
Cisco Employee

Re: Interface templates and Service Templates in IBNS 2.0 on 2960-X?

Yes, 2960X does support IBNS 2.0. We don't have an updated list of 2K platforms that support this today, you may need to contact the switching team.

We can use Interface templates as part of ISE authorization to change specific configurations on the switch port. We have been talking about it for changes from access mode to trunk for the purpose of downstream Wireless Flex APs / Compact switches and also to apply QoS policies.

Also, the primary use case for interface-template is to contain lengthy port configurations within a container and then to source it under physical ports.

Service template are more useful locally on the switch to handle failure scenarios. ISE can authorize sessions with service-templates too, which is nothing but a set of authorization attributes (VLAN, ACL, SGT, etc) under a common profile name.


~Hari