Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3882
Views
3
Helpful
3
Replies

ISE 2.0 support with 2960-X Lan Lite

Go to solution
Hiep Nguyen
Level 1
Level 1

‎04-28-2016 10:25 PM

Hi team,

In our device compatibility docs of ISE, I see some confusions:

  1. For ISE 1.2, we mentioned that 2960 LAN Lite is supported but not recommended with ISE 1.2 due to limited feature support. LAN Lite supports only 802.1X and VLAN assignments
  2. For ISE 2.0, I dont see any comment related to 2960 Lan Lite. (http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/compatibility/ise_sdt.html)

So I would like to ask:

  1. For ISE 2.0, do we still support 2960 LAN Lite?
  2. What about 2960-X Lan Lite, can it support full features (because we only see 2960-X in general in compatibility doc)

Thank you.

1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎04-29-2016 04:02 PM

The ISE 1.2 Compatibility Guide says: LAN Lite supports only 802.1X and VLAN assignments.

This means the 2960 LAN Lite  can do 802.1X to perform authentication to ISE via RADIUS for authorization enforcement with VLANs.

It will still interoperate with ISE 2.0 via the standard RADIUS protocol but it will not be able to do anything other than VLAN assignment.

The 2960-X supports all capabilities with the recommended version of IOS 15.2(2)E3 so I assume the LAN Lite versions continue to only support VLAN assignment since "LAN Lite models have reduced functionality and scalability for small deployments with basic requirements" according to Cisco Catalyst 2960-X Series Switches Data Sheet. You will want to verify this with the switching product team.

View solution in original post

3 Replies 3

Go to solution
thomas
Cisco Employee
Cisco Employee

‎04-29-2016 04:02 PM

The ISE 1.2 Compatibility Guide says: LAN Lite supports only 802.1X and VLAN assignments.

This means the 2960 LAN Lite  can do 802.1X to perform authentication to ISE via RADIUS for authorization enforcement with VLANs.

It will still interoperate with ISE 2.0 via the standard RADIUS protocol but it will not be able to do anything other than VLAN assignment.

The 2960-X supports all capabilities with the recommended version of IOS 15.2(2)E3 so I assume the LAN Lite versions continue to only support VLAN assignment since "LAN Lite models have reduced functionality and scalability for small deployments with basic requirements" according to Cisco Catalyst 2960-X Series Switches Data Sheet. You will want to verify this with the switching product team.

Go to solution
Darren_Cooper
Level 1
Level 1
In response to thomas

‎10-30-2019 09:46 AM

Hi,

 

I am trying to get this working to use 802.1x authentication with RADIUS, but on LAN Lite the policy-map and service-policy commands are not available so the interface never sends the auth request to RADIUS.

On a LAN Base I have the same config and it works because the policy-map enables the authentication.

 

With legacy mode authentication the LAN Lite switch works fine for 802.1x and RADIUS, but it breaks when converting to new-style.  I cannot find a config sample anywhere that works.

Go to solution
rezaalikhani
Level 3
Level 3

‎02-06-2024 10:49 PM

Another limitation is that when using LAN Lite, the "authentication open" command is not available.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents