cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

907
Views
0
Helpful
4
Replies
Highlighted
Cisco Employee

ISE 2.1 Brocade ICX NAD profile

Anyone has a working NAD profile for Brocade ICX 6430 and 6450?

I am looking at using ISE profiling and posture with ISE 2.1. Is walled-garden approach a workable model?

Thanks

Wing Churn

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advocate

I should have one in near future.  Working with Brocade to get them on compatibility list and minimally published to NAD profile site for working configs.  Just loaded most current version for 6430 in lab but need a bit more time to test some key functions.  Brocade focus is on 7k series at moment which will be platform to receive all new "identity" features and updates.  8030 is last train to support the 6k series.  When available, profile for devices not officially validated by QA posted here.

Craig

View solution in original post

4 REPLIES 4
Highlighted
Advocate

I should have one in near future.  Working with Brocade to get them on compatibility list and minimally published to NAD profile site for working configs.  Just loaded most current version for 6430 in lab but need a bit more time to test some key functions.  Brocade focus is on 7k series at moment which will be platform to receive all new "identity" features and updates.  8030 is last train to support the 6k series.  When available, profile for devices not officially validated by QA posted here.

Craig

View solution in original post

Highlighted

Hi Craig,

I have 6430 and 6450 in test lab too and I am still stuck in authentication. ICX seems does not like the idea of machine authentication. From ISE log, I could not get correct syntax for host information and it always appear as host/anonymous but the radius username appear to be in good order.

Any idea?

Thanks

Wing Churn

Highlighted
Cisco Employee

Hi Craig,

Quick update, managed to get everything working with one small issue. Once endpoint moved to "Compliant" state and ISE is pushing CoA to NAD, ICX does not seems to understand "Disconnect" message? How do we get this working?

Thanks

Wing Churn

Screen Shot 2016-10-28 at 5.37.00 PM.pngScreen Shot 2016-10-28 at 5.37.09 PM.png

Highlighted

Hi all,

Managed to find out where went wrong. ICX end require CoA command to accept ISE CoA.

Wing Churn