01-23-2018 05:47 PM
I am looking for information on how service templates and interface templates can (or not?) be used as part an ISE policy and interdependences that may need to be considered.
The INSB2.0 I have been reading through is here:
and some IOS info here
There is mention of using interface templates and that we can reference them as VSA in policy but not much more.
I am also keen to get clarity on the support of IBNS 2.0 for the 2960-X platform.
I see the 2960-X as supported for most of the features – accept COA – yet it is not on the platform support matrix
but other less capable switches like the 2960-S are in the platform.
Any help would be much appreciated
Solved! Go to Solution.
01-23-2018 05:56 PM
Yes, 2960X does support IBNS 2.0. We don't have an updated list of 2K platforms that support this today, you may need to contact the switching team.
We can use Interface templates as part of ISE authorization to change specific configurations on the switch port. We have been talking about it for changes from access mode to trunk for the purpose of downstream Wireless Flex APs / Compact switches and also to apply QoS policies.
Also, the primary use case for interface-template is to contain lengthy port configurations within a container and then to source it under physical ports.
Service template are more useful locally on the switch to handle failure scenarios. ISE can authorize sessions with service-templates too, which is nothing but a set of authorization attributes (VLAN, ACL, SGT, etc) under a common profile name.
~Hari
01-23-2018 05:56 PM
Yes, 2960X does support IBNS 2.0. We don't have an updated list of 2K platforms that support this today, you may need to contact the switching team.
We can use Interface templates as part of ISE authorization to change specific configurations on the switch port. We have been talking about it for changes from access mode to trunk for the purpose of downstream Wireless Flex APs / Compact switches and also to apply QoS policies.
Also, the primary use case for interface-template is to contain lengthy port configurations within a container and then to source it under physical ports.
Service template are more useful locally on the switch to handle failure scenarios. ISE can authorize sessions with service-templates too, which is nothing but a set of authorization attributes (VLAN, ACL, SGT, etc) under a common profile name.
~Hari
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: