Solved: ISE IPv6 ACL/dACL Options

sahaputh · ‎05-10-2016

Hi,

I have customer requesting available options to restrict IPv6 access, after authentication with their current ISE version 1.3

Is there a way to send an IPv6 ACL/dACL or call for a ACL in the NAD through an Authorization Profile or any other way with ISE 1.3 ? Can this be accomplish with ISE 2.0? Please let me know if there's any how to guide to setup a POC.

Thanks!

TK.

Timothy Abbott · ‎05-12-2016

Hi TK,

Not with ISE 1.3. There is a possibility that you could reference a named ACL on the switch using filter-id in an authorization profile but you would need to test this in lab as we don't have a specific guide on how to set this up. Beginning with ISE 2.0 we offered support for authorization of endpoints using IPv6.

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎05-12-2016

Hi TK,

Not with ISE 1.3. There is a possibility that you could reference a named ACL on the switch using filter-id in an authorization profile but you would need to test this in lab as we don't have a specific guide on how to set this up. Beginning with ISE 2.0 we offered support for authorization of endpoints using IPv6.

Regards,

-Tim

sahaputh · ‎05-12-2016

Thanks Tim! I’ll check with filter-id. With ISE 2.0, can you send a IPv6 dACL? Is there a guide for IPv6 authorization?

Thanks!

TK.