Solved: FORTINAC and Legagy Cisco Switches C2950, C4500/SUPII

Samuel Vuillaume · ‎02-13-2020

Dear community,

It seems FORTINAC can integrate with all of cisco switches even with our legacy ones like C2950, C4500/SUPII etc...

While we dont. I would assume dot1x not being supported on these so DOT1x and Radius/COA are not supported. at the same time ISE PIC will rely on Pxgrid Subcribers to evantually Mitigate via FMC. How does FORTINAc manage in NAC our legcy switches? Are they using SNMP triggers to push SNMP SETs adn change VLAN IDs for example or even L2 ACL?

Thx you

howon · ‎02-14-2020

Since v2.2, ISE supports Auth VLAN feature with SNMP which does not require supplicant or 802.1X support:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01000.html#concept_CDD87F6FE3A54351B27FF35316A23DA3

View solution in original post

Andrii Oliinyk · ‎02-13-2020

Hi dude

though it looks like exactly Fortigate's forum topic i'd advice u to collect the capture between FNAC & cisco switch. i guess it will answer a lot of your Qs.

P.S. ARPGuard as well perfectly serves "NAC" for not-fully-featured switches :0)

howon · ‎02-14-2020

Since v2.2, ISE supports Auth VLAN feature with SNMP which does not require supplicant or 802.1X support:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01000.html#concept_CDD87F6FE3A54351B27FF35316A23DA3