Solved: ISE Compatibility

ashvaras · ‎09-26-2017

In this link, ISE 2.3 support both H3C (OS 5.20.99) and Brocade ICX 6610 (OS 8.0.20)

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/compatibility/ise_sdt.html

Q1) Please clarify if the following H3C and Brocade switches are supported by ISE 2.3 Please see attached excel file

Ive found this in your site ISE Third-Party NAD Profiles and Configs - but there is only one version. Is there a way to see if this was updated with different versions?

Craig Hyps · ‎09-26-2017

Ashely,

Please refer to this page for additional details: ISE Third-Party NAD Profiles and Configs

As mentioned, we only list specific models that were tested. Also note that some models may have been tested with only a specific ISE feature set and it may be the case that vendor releases newer product or versions which would allow enhanced support over what was previously QA tested.

A case in point is the Brocade switch. Our QA team tested the 6610 for basic AAA. In order to support Guest and other advanced features like Posture/BYOD, we assume use of the 2.1 feature set which leverages Auth VLAN capability. Later, I worked with Brocade directly to help them test their newer 7k series. In the above link I posted the configs used to verify the 7x50 series with advanced features like CWA using native redirect support on the switch and included working config and updated profile. (Note: May require upload of newer Brocade/Foundry RADIUS dictionary). The version tested was 08.0.60, but 08.0.30j may also provide the redirect support. Not sure how that maps to 8.0.30T211. Brocade should be able to answer that.

Like Cisco switches, if one switch model and software release support a given function, then most likely all other switches running same software release will have same functionality. We cannot validate every variation, so best to provide guidance based on what is posted and lab test any cases where concerned over like functionality based on platform/version.

Craig

View solution in original post

Charlie Moreton · ‎09-26-2017

Due to the testing required to add switch models to the compatibility list, only those that have been tested make it. The general guidance is the same as using Cisco Switches. Use the Software Version as the baseline. That's where the features are introduced. If the hardware is capable, then the software feature sets are what matters.

In the Compatibility List you linked, it is stated for Brocade to use a minimum software version of 8.0.20, and for HP H3C, the minimum is 5.20.99

In the spreadsheet you shared, you listed the software versions. The Brocade looks good. The HP H3C switches, however, may need a software upgrade - depending on HPs sw naming convention.

ashvaras · ‎09-26-2017

Hmmm does that mean that newer versions should still support this?

Craig Hyps · ‎09-26-2017

Please be more specific.

Craig Hyps · ‎09-26-2017

Ashely,

Please refer to this page for additional details: ISE Third-Party NAD Profiles and Configs

As mentioned, we only list specific models that were tested. Also note that some models may have been tested with only a specific ISE feature set and it may be the case that vendor releases newer product or versions which would allow enhanced support over what was previously QA tested.

A case in point is the Brocade switch. Our QA team tested the 6610 for basic AAA. In order to support Guest and other advanced features like Posture/BYOD, we assume use of the 2.1 feature set which leverages Auth VLAN capability. Later, I worked with Brocade directly to help them test their newer 7k series. In the above link I posted the configs used to verify the 7x50 series with advanced features like CWA using native redirect support on the switch and included working config and updated profile. (Note: May require upload of newer Brocade/Foundry RADIUS dictionary). The version tested was 08.0.60, but 08.0.30j may also provide the redirect support. Not sure how that maps to 8.0.30T211. Brocade should be able to answer that.

Like Cisco switches, if one switch model and software release support a given function, then most likely all other switches running same software release will have same functionality. We cannot validate every variation, so best to provide guidance based on what is posted and lab test any cases where concerned over like functionality based on platform/version.

Craig