cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1333
Views
0
Helpful
1
Replies

extreme switch with ISE for profiling?

martucci
Cisco Employee
Cisco Employee

Hello,

I am setting up a lab with ISE and Extreme switching where I would like to test profiling.

I am wondering if anyone has trying to do anything similar and has any experience to share

Regards

Francesca

1 Accepted Solution

Accepted Solutions

Craig Hyps
Level 10
Level 10

No direct experience with Extreme, but profiling should function without issue.  Be sure to enable switch for SNMP read from ISE PSNs and allow access from PSNs to endpoints for NMAP.  If an L3 switch, config IP helper to PSN.  Assuming RADIUS auth is to ISE, then RADIUS probe will function. Other probes will work as usual.

Independent of profiling is the question of CoA support.  This will determine if change in access can be automated during current session based on profile change.  If no CoA support, then new policy will take effect after session reauth or reconnect.  ISE 2.0 support RFC 3576 and ISE 2.1 can use SNMP to trigger CoA.

Craig

View solution in original post

1 Reply 1

Craig Hyps
Level 10
Level 10

No direct experience with Extreme, but profiling should function without issue.  Be sure to enable switch for SNMP read from ISE PSNs and allow access from PSNs to endpoints for NMAP.  If an L3 switch, config IP helper to PSN.  Assuming RADIUS auth is to ISE, then RADIUS probe will function. Other probes will work as usual.

Independent of profiling is the question of CoA support.  This will determine if change in access can be automated during current session based on profile change.  If no CoA support, then new policy will take effect after session reauth or reconnect.  ISE 2.0 support RFC 3576 and ISE 2.1 can use SNMP to trigger CoA.

Craig