Cisco ISE - Network Devices with IPv6 ranges

Sven Hruza · ‎11-06-2024

Hello,

I tried to configure some network devices in Cisco ISE 3.3 with IPv6 ranges, but it told that this is not a valid IP address.
I tried it simillar to IPv4, and also some other formats like
2aaa:1234:1234:1234::0001-0004
2aaa:1234:1234:1234::0001-2aaa:1234:1234:1234::0004

In the documentation is nothing described about IPv6 addresses. Is this possible for IPv6 or are only single IPv6 addresses allowed?

Thanks!

thomas · ‎11-06-2024

IPv6 works - I just added your first IPv6 address above:

IPv6 support is documented for a single IP address (IPv4 or IPv6 address) but not explicitly for ranges in the ISE Admin Guide:

IP Address: Enter a single IP address (IPv4 or IPv6 address) and a subnet mask.
IP Range: Enter the required IPv4 address range. To exclude IP addresses during authentication, enter an IP address or IP address range in the Exclude field.

It is a best practice to use a single IP address - not a range - so you may uniquely identify each network device when troubleshooting.

I covered adding network devices with IP addresses in the ISE Webinar.

▷ Managing Network Devices in ISE 2022-04-05

19:10 RADIUS with an Undefined Network Device
21:08 Enable and Use the Default Network Device
24:43 Network Device with an IP Range
26:30 Network Device with a Specific IP Address

Sven Hruza · ‎11-07-2024

Hello Thomas and thanks for the response!
That means I must switch from wildcard objects in IPv4 to single device objects in IPv6.
Do you know, is there a limit of network device objects in the ISE?

Thanks!