cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

241
Views
1
Helpful
1
Replies
Highlighted
Cisco Employee

ise 2.1 etherswitch support on ise 4321- 4331 models

In the ISE 2.1 compatibility matrix (link below) the router ISR 4321 is not listed.

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/compatibility/ise_sdt.html

Can you please check and confirm is the ISR 4321 or ISR 4331 compatible with ISE 2.1?

etherswitch module support.


If not, what is necessary from the module or os in functionality to be supported?

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ise 2.1 etherswitch support on ise 4321- 4331 models

Please see the general statement in the running for the link you provided

Ask the switch team about what they support

Unfortunately we can't test all switches and rely on general switching support to test the standards

Cisco ISE supports interoperability with any Cisco or non-Cisco RADIUS client network access device (NAD) that implements common RADIUS behavior (similar to Cisco IOS 12.x) for standards-based authentication. For a list of supported authentication methods, see the "Manage Authentication Policies" chapter of the Cisco Identity Services Engine Admin Guide, Release 2.1<https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21.html>.

Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality, and are therefore not supported with non-Cisco devices. In addition, certain other advanced functions like central web authentication (CWA), Change of Authorization (CoA), Security Group Access (SGA), and downloadable access control lists (ACLs), are only supported on Cisco devices. For a full list of supported Cisco devices, see Table 1 <http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/compatibility/ise_sdt.html#79546> .

For information on enabling specific functions of Cisco ISE on network switches, see the "Switch and Wireless LAN Controller Configuration Required to Support Cisco ISE Functions" chapter in Cisco Identity Services Engine Admin Guide, Release 2.1<https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100000.html>.

1 REPLY 1
Cisco Employee

Re: ise 2.1 etherswitch support on ise 4321- 4331 models

Please see the general statement in the running for the link you provided

Ask the switch team about what they support

Unfortunately we can't test all switches and rely on general switching support to test the standards

Cisco ISE supports interoperability with any Cisco or non-Cisco RADIUS client network access device (NAD) that implements common RADIUS behavior (similar to Cisco IOS 12.x) for standards-based authentication. For a list of supported authentication methods, see the "Manage Authentication Policies" chapter of the Cisco Identity Services Engine Admin Guide, Release 2.1<https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21.html>.

Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality, and are therefore not supported with non-Cisco devices. In addition, certain other advanced functions like central web authentication (CWA), Change of Authorization (CoA), Security Group Access (SGA), and downloadable access control lists (ACLs), are only supported on Cisco devices. For a full list of supported Cisco devices, see Table 1 <http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/compatibility/ise_sdt.html#79546> .

For information on enabling specific functions of Cisco ISE on network switches, see the "Switch and Wireless LAN Controller Configuration Required to Support Cisco ISE Functions" chapter in Cisco Identity Services Engine Admin Guide, Release 2.1<https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100000.html>.