Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2676
Views
0
Helpful
3
Replies

Can i have step by step guide to Integrate Hp5500 Switch with Cisco ISE 2.2 using mab

Go to solution
Irshad Mohammed Hussain
Level 1
Level 1

‎11-06-2017 11:26 AM

Can i have step by step guide to Integrate Hp5500 Switch with Cisco ISE 2.2 using mab

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
smashash
Cisco Employee
Cisco Employee
In response to Irshad Mohammed Hussain

‎11-06-2017 11:55 PM

the issue is related in 'test-new-data' rule. the  authorization profile tied to it  doesn't match to this network device.

You need to create authorization profile for HP 5500 and in authorization profile you need to select 'Any' or 'HPWired_SNMP_CoA'  under Network Device Profile option.  select this authorization profile in policy rule.

please see attached file.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
howon
Cisco Employee
Cisco Employee

‎11-06-2017 12:41 PM

First please go to the 3rd party devices page for sample HP config. Here, instead of 5k example (Which is for SNMP CoA), you may need to follow HP 2k example instead or work with HP in regards to the HP switch configuration for MAB:

ISE Third-Party NAD Profiles and Configs

The ISE policy will have much of what you want already but you will need to add the HP switch as network device and setup shared RADIUS keys. Once setup and devices are connected to the switch, you will see events show up in the ISE live log.

0 Helpful

Go to solution
Irshad Mohammed Hussain
Level 1
Level 1
In response to howon

‎11-06-2017 10:04 PM

11001

Received RADIUS Access-Request

11017

RADIUS created a new session

11117

Generated a new session ID

15049

Evaluating Policy Group

15008

Evaluating Service Selection Policy

15048

Queried PIP - Normalised Radius.RadiusFlowType

15004

Matched rule - MOHU-allowed

11028

Detected Host Lookup UseCase (UserName = Calling-Station-ID)

15041

Evaluating Identity Policy

15006

Matched Default Rule

15013

Selected Identity Source - Internal Endpoints

24209

Looking up Endpoint in Internal Endpoints IDStore - 40:B0:34:16:20:33

24211

Found Endpoint in Internal Endpoints IDStore

22037

Authentication Passed

15036

Evaluating Authorization Policy

15004

Matched rule - test-new-data

15052

Authorization profile/s specified are not suited for this Network Access Device

15039

Rejected per authorization profile

11003

Returned RADIUS Access-Reject

0 Helpful

Go to solution
smashash
Cisco Employee
Cisco Employee
In response to Irshad Mohammed Hussain

‎11-06-2017 11:55 PM

the issue is related in 'test-new-data' rule. the  authorization profile tied to it  doesn't match to this network device.

You need to create authorization profile for HP 5500 and in authorization profile you need to select 'Any' or 'HPWired_SNMP_CoA'  under Network Device Profile option.  select this authorization profile in policy rule.

please see attached file.

0 Helpful
Customers Also Viewed These Support Documents