10-16-2017 11:39 AM
We have some Extreme switches in our environment and we use Tacacs to authenticate admin access to those switches. We are phasing out the Tacacs and we are trying to replace the switches as fast as we can. For the time being the tacacs will be gone before we can get the Extremes replaced. We are using Cisco ISE to authenticate access into our Cisco and Juniper switches. We would like to try using ISE to access Extreme switches. I have on my lab desk that I am using our test ISE vm to set up access into the switch. I am trying radius first then tacacs. Has anyone tried this before and have they been successful? Looking for some guidance.
Solved! Go to Solution.
10-17-2017 05:57 AM
Yes, there are different teams that have tested Extreme. Features and support depend on the switch capabilities. Many of the Extreme switches do not support RADIUS CoA, so for flows that require CoA you must rely on SNMP CoA. Be aware of
CSCvd06733 | Need to support Extreme switch SNMP CoA with ISE |
If RADIUS CoA is not an option and CoA is required, there is plan to address via a patch but would require TAC to obtain.
Craig
10-17-2017 05:57 AM
Yes, there are different teams that have tested Extreme. Features and support depend on the switch capabilities. Many of the Extreme switches do not support RADIUS CoA, so for flows that require CoA you must rely on SNMP CoA. Be aware of
CSCvd06733 | Need to support Extreme switch SNMP CoA with ISE |
If RADIUS CoA is not an option and CoA is required, there is plan to address via a patch but would require TAC to obtain.
Craig
10-19-2017 12:15 PM
I was able to configure a dictionary and result in Cisco ISE 2.1 and 2.3 and then create and authorization policy that gave me the results that I was looking for. I was able to configure all the Extreme switches we have to use radius and authenticate with ISE. thanks
10-19-2017 03:57 PM
Glad to hear. Please feel free to share whether you tested flows that rely on CoA and method used. You can also publish your NAD profile per instructions here: ISE Third-Party NAD Profiles and Configs
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide