ISE 1.1.2 Change of Authorization with Avaya Switches (5520)

Akhtar Samo
Level 1

Hi,

I am configuring ISE to do the posture assessment. I have Avaya as my LAN and core switches. The idea is that once the user is authenticated using 802.1x, it will be moved to the quarantine VLAN, and after it is compliant with the company's policy, it will be moved to the actual VLAN. I have configured the Avaya switch to accept the RADIUS-assigned VLAN and also configured the 802.1x dynamic-authorization. Currently, the RADIUS-assigned quarantine VLAN is working, but once the NAC agent scans and marks the PC status as Compliant, the CoA is not happening and the user is not moved to the actual VLAN.

I tested the same ISE authorization policy of dynamically assigning VLANs on Cisco switches and it worked perfectly, but the same is not happening on the Avaya switch.

Any idea on this?

Regards,

Akhtar

Accepted Solution

jedubois
Cisco Employee

Akhtar,

     The posture flows with ISE have only been tested with Cisco switches:

     http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html

     The RFC states that port 3799 is for CoA, but due to a conflict we use port 1700, so that may have something to do with it. That said, we don't claim support for 3rd party switches currently.  If you would like to see this, please contact your Cisco Account Team to check on the status of 3rd party switch support or to request the feature.

--Jesse
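
To check the port explanation in the reply above against a packet capture, here is an added example (not part of the original thread and not Cisco or Avaya code) that parses a RADIUS dynamic-authorization datagram per RFC 5176 and reports whether the switch would act on it. The function names, the constructed sample packet and the idea that the switch listens on UDP 3799 are assumptions for illustration.

```python
import hashlib
import struct

CODES = {40: "Disconnect-Request", 41: "Disconnect-ACK", 42: "Disconnect-NAK",
         43: "CoA-Request", 44: "CoA-ACK", 45: "CoA-NAK"}  # RFC 5176 codes
RFC_PORT, ISE_PORT = 3799, 1700  # the two UDP ports named in the reply above


def request_authenticator(code, ident, attrs, secret):
    """RFC 5176: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """Build a test datagram (hypothetical helper, used only for the sample)."""
    auth = request_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def parse(packet):
    """Return (code, id, authenticator, raw attributes, [(type, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    raw, attrs, i = packet[20:length], [], 0
    while i < len(raw):
        if i + 2 > len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed attribute")
        attrs.append((raw[i], raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return code, ident, packet[4:20], raw, attrs


def diagnose(packet, dst_port, nas_listen_port, secret):
    """Explain why a NAS would or would not act on a captured CoA datagram."""
    code, ident, auth, raw, _ = parse(packet)
    name = CODES.get(code, "")
    if not name.endswith("Request"):
        return f"code {code} is not a CoA/Disconnect request"
    if dst_port != nas_listen_port:
        return f"{name} sent to UDP {dst_port}, NAS listens on UDP {nas_listen_port}"
    if auth != request_authenticator(code, ident, raw, secret):
        return f"{name} has a bad Request Authenticator (shared secret mismatch?)"
    return f"{name} accepted on UDP {dst_port}"

# Constructed sample: a CoA-Request carrying User-Name (type 1) = "akhtar".
SECRET = b"constructed-secret"
SAMPLE = build_request(43, 7, bytes([1, 8]) + b"akhtar", SECRET)
```

Feed `diagnose` the UDP payload and destination port of a datagram captured between ISE and the switch, together with the port the switch's dynamic-authorization listener is actually configured for.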
