Solved: Re: extreme switch with ISE for profiling?

martucci · ‎09-07-2016

Hello,

I am setting up a lab with ISE and Extreme switching where I would like to test profiling.

I am wondering if anyone has trying to do anything similar and has any experience to share

Regards

Francesca

Craig Hyps · ‎09-09-2016

No direct experience with Extreme, but profiling should function without issue. Be sure to enable switch for SNMP read from ISE PSNs and allow access from PSNs to endpoints for NMAP. If an L3 switch, config IP helper to PSN. Assuming RADIUS auth is to ISE, then RADIUS probe will function. Other probes will work as usual.

Independent of profiling is the question of CoA support. This will determine if change in access can be automated during current session based on profile change. If no CoA support, then new policy will take effect after session reauth or reconnect. ISE 2.0 support RFC 3576 and ISE 2.1 can use SNMP to trigger CoA.

Craig

View solution in original post

Craig Hyps · ‎09-09-2016

No direct experience with Extreme, but profiling should function without issue. Be sure to enable switch for SNMP read from ISE PSNs and allow access from PSNs to endpoints for NMAP. If an L3 switch, config IP helper to PSN. Assuming RADIUS auth is to ISE, then RADIUS probe will function. Other probes will work as usual.

Independent of profiling is the question of CoA support. This will determine if change in access can be automated during current session based on profile change. If no CoA support, then new policy will take effect after session reauth or reconnect. ISE 2.0 support RFC 3576 and ISE 2.1 can use SNMP to trigger CoA.

Craig