10-24-2017 08:59 PM
Hi,
I have a Customer with a Cisco 2921 ISR router with SM Ethernet module. They would like to know if ISE profiling services are compatible with SM module. They are looking to expand their wired infrastructure with ISE.
Any help would be highly appreciated!
Thanks,
Vaishnavi
Solved! Go to Solution.
10-25-2017 03:45 PM
In general, profiling is supported with any switch as virtually all will have the same methods for forwarding DHCP, DNS, RADIUS, SNMP, etc. CoA is needed to change policy at time of profie change so either RADIUS CoA or SNMP CoA must be possible to provide that. As Tim stated, the ESW modules are basically same device as standalone counterparts but no PSU and different uplink interface.
10-25-2017 09:55 AM
Many times the SM ethernet module in routers run a very stimilar version of code to their dedicated switch counterparts. If you can find the version of IOS it uses, 9 time out of 10 you will have the same functionality.
Regards,
-Tim
10-25-2017 03:45 PM
In general, profiling is supported with any switch as virtually all will have the same methods for forwarding DHCP, DNS, RADIUS, SNMP, etc. CoA is needed to change policy at time of profie change so either RADIUS CoA or SNMP CoA must be possible to provide that. As Tim stated, the ESW modules are basically same device as standalone counterparts but no PSU and different uplink interface.
10-29-2017 11:34 PM
Hi Craig & Timothy,
Thanks for your help on this!
A followup query on CoA: If I can't turn on CoA globally because of limited support on the Cisco 2921 with the Ethernet module, can I use RADIUS probes to handle CoA by itself without turning on CoA globally? I understand it is recommended or a best practice to turn on Radius probing with CoA for better performance. But is it possible to enforce CoA with RADIUS probes only, and are there any limitations with this configuration?
Thanks again!
10-30-2017 04:14 AM
Radius probes are used for profiling info
Coa (change of authorization) has nothing to do with the radius probe, it’s a mechanism to change access permissions when something changes
For example a device moved from web auth state to guest permit access
Or changed from posture unknown to compliant state
If the network access device doesn’t support snmp or radius coa then you won’t be able to switch a devices permissions
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide