08-30-2017 02:43 AM
Team,
I would like to find out following is possible for ISE posture with non-compatible switch like 2950:
Setup:
Goal:
Suggest Solution:
Regards,
Leslie
Solved! Go to Solution.
07-16-2018 06:30 AM
There are additional changes required to address support for SNMP CoA with Catalyst 2950. As I recall, the ifIndex values were simple 1, 2, 3, etc corresponding to interface number. We current support option to swap out the leading characters of NAS Port value to address behavior of many Cisco switches, but this would not work for 2950 where need to swap all leading characters with empty string. Per original reply, please work with account team and PM for feature prioritization.
On a related note, ISE 2.2 Posture supports provisioning and assessment without URL redirect support on access switch, but CoA is still a requirement to change authorization following successful assessment.
/Craig
07-16-2018 10:57 PM
Thank you for your reply, so there is no hope to make 2950 support SNMP CoA?
07-17-2018 06:03 AM
As noted, further enhancements required. These are two which I requested:
The first would add more intelligence to auto-determine the SNMP ifindex without having to use regex tricks, etc.
The second would be to leverage the Cisco MIB which provides a rich set of SNMP-based CoA functions.
The last option is to further tweak the string manipulation mentioned in first reply.
Please work with Cisco account team to drive the enhancements with ISE product management team.
/Craig
07-17-2018 06:21 AM
Thanks Craig.
Regards,
Leslie
07-18-2018 12:17 AM
Thank you, really helpful!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide