cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3824
Views
0
Helpful
6
Replies

Cisco ISE 2.4 support for LAN LITE IOS

Hello All,

 

I am in the process of implementing ISE 2.4 for one customer, and I checked the IOS versions of the existing access switches for compatibility. I have found a few c2960 switches with LAN Lite image. As far as I know that image is not recommended for ISE implementations as it supports basic dot1x and vlan assignment. My question is that is it possible to upgrade an existing C2960 switch with LAN Lite image to LAN Base image?. 

 

Thanks

1 Accepted Solution

Accepted Solutions

Damien Miller
VIP Alumni
VIP Alumni
There is no replacement for testing a platform/software release for support of your specific solution. There are some features missing from lan lite images that make me suggest to customers to replace them during hardware refreshes. You cannot upgrade a Lan lite 2960 to lan base, it is fixed upon order/shipment from Cisco.

Any feature that relies on port ACL's will not work with lan lite switches, and critical auth vlan is also not supported, two big feature gaps. You can read about what's missing here. So while it will certainly be supported by ISE 2.4, it misses some important features on the switch side.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960l/software/15-2_5_e/config-guide/b_1525e_consolidated_2960l_cg/b_1525e_consolidated_2960l_cg_chapter_011111.pdf

View solution in original post

6 Replies 6

Nidhi
Cisco Employee
Cisco Employee

2960 Lan lite is supported with ISE 2.4

I see 2960-L mentioned in the compatibility document as well. - https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/compatibility/b_ise_sdt_24.html 

 

Thanks,

Nidhi 

Damien Miller
VIP Alumni
VIP Alumni
There is no replacement for testing a platform/software release for support of your specific solution. There are some features missing from lan lite images that make me suggest to customers to replace them during hardware refreshes. You cannot upgrade a Lan lite 2960 to lan base, it is fixed upon order/shipment from Cisco.

Any feature that relies on port ACL's will not work with lan lite switches, and critical auth vlan is also not supported, two big feature gaps. You can read about what's missing here. So while it will certainly be supported by ISE 2.4, it misses some important features on the switch side.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960l/software/15-2_5_e/config-guide/b_1525e_consolidated_2960l_cg/b_1525e_consolidated_2960l_cg_chapter_011111.pdf

Nidhi
Cisco Employee
Cisco Employee

earlier versions of Lan Lite had some gaps due to which it was not recommended platform. But with new version, few of the security features were added ( Like Radius CoA) and hence the support was added. 

However, As Damien suggested, please go through the Datasheet link provided to verify what capability is needed. 

Thanks,

Nidhi

Nidhi
Cisco Employee
Cisco Employee

earlier versions of Lan Lite had some gaps due to which it was not recommended platform. But with new version, few of the security features were added ( Like Radius CoA) and hence the support was added. 

However, As Damien suggested, please go through the Datasheet link provided to verify what capability is needed. 

Thanks,

Nidhi

dngore
Cisco Employee
Cisco Employee

Hi,

ISE 2.6 compatibility matrix shows that Cisco 2960 Plus switches are fully compatible. Does that mean switch with Lan Lite IOS is also supported for all features? 

I verified 15.2.4.E IOS configuration guide. But it does not mentions any 802.1x limitation for Lan Lite image. ( I could not find configuration guide for Lan Lite image)

Kindly verify same as we are working on ISE opportunity for a customer. They have Cisco 2960 Plus switch with Lan Lite image.

 

Hi Whether MAB authentication, DACL pushing from ISE, posturing and profiling, did it work for C2960 plus LAN Lite image devices.