cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1079
Views
0
Helpful
3
Replies
Highlighted

Can i have step by step guide to Integrate Hp5500 Switch with Cisco ISE 2.2 using mab

Can i have step by step guide to Integrate Hp5500 Switch with Cisco ISE 2.2 using mab

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Can i have step by step guide to Integrate Hp5500 Switch with Cisco ISE 2.2 using mab

the issue is related in 'test-new-data' rule. the  authorization profile tied to it  doesn't match to this network device.

You need to create authorization profile for HP 5500 and in authorization profile you need to select 'Any' or 'HPWired_SNMP_CoA'  under Network Device Profile option.  select this authorization profile in policy rule.

please see attached file.

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Re: Can i have step by step guide to Integrate Hp5500 Switch with Cisco ISE 2.2 using mab

First please go to the 3rd party devices page for sample HP config. Here, instead of 5k example (Which is for SNMP CoA), you may need to follow HP 2k example instead or work with HP in regards to the HP switch configuration for MAB:

ISE Third-Party NAD Profiles and Configs

The ISE policy will have much of what you want already but you will need to add the HP switch as network device and setup shared RADIUS keys. Once setup and devices are connected to the switch, you will see events show up in the ISE live log.

Highlighted

Re: Can i have step by step guide to Integrate Hp5500 Switch with Cisco ISE 2.2 using mab

11001

Received RADIUS Access-Request

11017

RADIUS created a new session

11117

Generated a new session ID

15049

Evaluating Policy Group

15008

Evaluating Service Selection Policy

15048

Queried PIP - Normalised Radius.RadiusFlowType

15004

Matched rule - MOHU-allowed

11028

Detected Host Lookup UseCase (UserName = Calling-Station-ID)

15041

Evaluating Identity Policy

15006

Matched Default Rule

15013

Selected Identity Source - Internal Endpoints

24209

Looking up Endpoint in Internal Endpoints IDStore - 40:B0:34:16:20:33

24211

Found Endpoint in Internal Endpoints IDStore

22037

Authentication Passed

15036

Evaluating Authorization Policy

15004

Matched rule - test-new-data

15052

Authorization profile/s specified are not suited for this Network Access Device

15039

Rejected per authorization profile

11003

Returned RADIUS Access-Reject

Highlighted
Cisco Employee

Re: Can i have step by step guide to Integrate Hp5500 Switch with Cisco ISE 2.2 using mab

the issue is related in 'test-new-data' rule. the  authorization profile tied to it  doesn't match to this network device.

You need to create authorization profile for HP 5500 and in authorization profile you need to select 'Any' or 'HPWired_SNMP_CoA'  under Network Device Profile option.  select this authorization profile in policy rule.

please see attached file.

View solution in original post