Solved: ISE 2.2. and IE5000

rroulhac · ‎03-17-2017

All,

In the ISE 2.2. Compatibility guide we see support for IE2000 and IE 3000. Have we don any testing on the IE 5000 or have any documentation that expresses support for the IE 5000?

--

Grace and Peace,

Robert E Roulhac Jr

Virtual Systems Engineer II

Cisco TSN (Technical Solutions Network)

rroulhac@cisco.com

Office: 919.5745455

thomas · ‎03-20-2017

As of ISE Component Compatibility, Release 2.2 the ISE team has not Validated any of the IE platforms beyond the IE2000 and IE 3000.

The section Supported Network Access Devices explicitly states:

Cisco ISE supports interoperability with any Cisco or non-Cisco RADIUS client network access device (NAD) that implements common RADIUS behavior

So these platforms should work just like other Cisco devices for RADIUS and TACACS+ functionality.

View solution in original post

thomas · ‎03-20-2017

As of ISE Component Compatibility, Release 2.2 the ISE team has not Validated any of the IE platforms beyond the IE2000 and IE 3000.

The section Supported Network Access Devices explicitly states:

Cisco ISE supports interoperability with any Cisco or non-Cisco RADIUS client network access device (NAD) that implements common RADIUS behavior

So these platforms should work just like other Cisco devices for RADIUS and TACACS+ functionality.

rodrigo.cisco · ‎03-22-2017

Saying that "Cisco ISE supports interoperability with any Cisco or non-Cisco RADIUS client network access device (NAD) that implements common RADIUS behavior" for customer is not enough. Because how can I prove to a customer by documentation that switches is able to runnign CoA to somes advanced and important features without it? Without some explicty information that Cisco SHOULD include in the datasheet and can NOT help customer to BUY CIsco instead of third party switches. We only can justify pay more for a Cisco switches when we are working with ISE is saying and providing customer with oficial and open documentation highlighting the features like CoA for Guest, NAC, etc.

PLEASE CISCO help us to help customer. Listen to us (partners)!!!!

thomas · ‎03-22-2017

The ISE team does a phenomenal job of collecting all of this information together into a single table. However, we cannot test every release of hardware and every release of software that every network vendor creates. Therefore we have to fallback onto saying we support the RADIUS protocol if it has not been explicitly Validated.

At some point, the individual product teams need to step up and begin to state their feature capabilities. So I looked at the Cisco Industrial Ethernet 5000 Series Switch Data Sheet - Cisco and it says

Table 6. Cisco IE 5000 Key LAN Base Software Features

LAN Base License (Default)	Features
Layer 2 Switching	IEEE 802.1, 802.3, 802.3at, 802.3af standard, VTPv2, NTP, UDLD, CDP, LLDP, Unicast Mac filter, Flexlink, Resilient Ethernet Protocol (REP), Parallel Redundancy Protocol (PRP), VTPv3, EtherChannel, Voice VLAN, QinQ tunneling, Media Redundancy Protocol (MRP/IEC 62439-2)
Security	SCP, SSH, SNMPv3, TACACS+, RADIUS Server/Client, MAC Address Notification, BPDU Guard, Port -Security, Private VLAN, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard, 802.1x, Guest VLAN, MAC Authentication Bypass, 802.1x Multi-Domain Authentication, Storm Control, Cisco TrustSec^® supporting inline tagging SGT and SGACL

But no mention of RADIUS CoA.

Perhaps an IE5000 TME (jvolpert?) can tell you about RADIUS CoA Support.

But since IE2000 & IE3000 support it, I have to imagine that the IE5000 would too.