cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2964
Views
9
Helpful
10
Replies

Access Switch Recommendation for ISE

nasim_nasri
Level 1
Level 1

Dear Expert,

My client is thinking to role out the ISE in the network they have old switches 2950g which supports only authentication with ISE.

In order to utilize most of the feature if not all we are thinking to replace them with 2960g.

Any advice, expereinvce in this regards will be very helpful for the recommended model for the access layer.

Thanks

10 Replies 10

The actual 2960-switches (which are 2960-X, but the 2960-S are also very good access-switches) will be a very good choice. If you want to use the full power of ISE, you want a switch that is capable of running IOS >= 15.0. If I remember right, not all of the older 2960 are papable of that.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

you want a switch that is capable of running IOS >= 15.0. If I remember right

Nah.  All 2960-series, from the legacy all the way up to 2960S, can run 15.0.

All of my 2960/2960G are running 15.0(2)SE4 already. 

Rated +5.

for sure you are right, I was thinking about the older 3750 which I used as access-switches some years ago when there were no 2960 with PoE. These switches only supported IOS 12.2.55.


Sent from Cisco Technical Support iPad App

muhammk2
Level 1
Level 1

Hello,

Catalyst 2960, Catalyst 2960S, ISR EtherSwitch ES2 with OS [IOS v12.2(52)SE LAN Base] will support MAB, 802.1X, Web Auth, Session CoA, VLAN and DACL.

Catalyst 2960, Catalyst 2960S with OS [IOS v12.2(52)SE LAN Lite2 ] will support MAB, 802.1X and VLAN.

For more details of Network Access Devices, please refer to the following link:

http://www.cisco.com/en/US/docs/security/ise/1.0.4/compatibility/ise104_sdt.html#wp55038

BR,

Muhammad Khan

You can use the 2960s that were recommended. However if you want to implement device sensor features (i.e. if profiling endpoints is a mandatory requirement). You should consider the 3750X with the proper licensing.

Thanks,

Tarik Admani
*Please rate helpful posts*

Muhammad Munir
Level 5
Level 5

Hello Nasim

Agreed by the Tarik and Muhammad Khan's reply you can use the 2960s switch, but I recommend you to use 3750x which is capable of using all the services of ISE 1.1 as well as 1.2.

Thanks

but I recommend you to use 3750x which is capable of using all the services of ISE 1.1 as well as 1.2.

Are you kidding????

I wouldn't recommend 3750X particularly when the 3850 is priced LOWER than 3750X and the 3850 has THE SAME features as the 3750X.

The future of the 3560 and 3750 looks bleak particularly when the 3850's "younger brother" is about to come out.

Venkatesh Attuluri
Cisco Employee
Cisco Employee

Following is the  Cisco Identity Services Engine Network Component Compatibility, Release 1.2 which specify recommeded switch to use with ISE and different features supported by switch

http://www.cisco.com/en/US/docs/security/ise/1.2/compatibility/ise_sdt.html

Hi Venkatesh,

Good document and had a look under "Supported Network Access Devices" and all I can say is it's OUTDATED.  Someone needs to add the status of the Sup8 and the 6800ia, even though it's not supported.

kaaftab
Level 4
Level 4

  You can use any of the L2 switches  for 802.1x authentication and if you want L3 features you should use the L3 switches  for reference you can check the list of features and IOS  form the following link

    http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html

    http://www.cisco.com/en/US/solutions/ns170/ns896/ns1051/trustsec_matrix.html

and hardware compliance from the list for all ISE versions

     http://www.cisco.com/en/US/products/ps11640/products_device_support_tables_list.html