Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3703
Views
0
Helpful
5
Replies

ISE support for Cisco Nexus Series of Switches

Go to solution
Dhanesh
Cisco Employee
Cisco Employee

‎12-08-2019 10:42 AM

Hi,

 

Does Cisco ISE 2.6 supports Cisco Nexus 2k, Nexus 3K, Nexus 5K, Nexus 7K and Nexus 9K series of switches? The Compatibility matrix does not show them.

 

If supported, can you please guide me to the link/documentation please?

 

Exact models of the Nexus switches are as below:

Nexus 2224,

Nexus 2232,

Nexus 2248,

Nexus 3048,

Nexus 5010,

Nexus 5596,

Nexus 5672,

Nexus 7009,

Nexus 7010,

Nexus 93180,

Nexus 92160,

Nexus 9504

 

Regards,

Dhanesh.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to Dhanesh

‎12-08-2019 10:35 PM

  • do1x is going to be a no go for Nexus switches. The idea behind dot1x is to protect access layer ports and Nexus switches are supposed to be in the data center. If a malicious/unauthorized user is able to connect to a switch port in your data center then you have bigger problems to worry about than dot1x :)
  • With regards to TACACS+, it is supported and ISE already has a pre-defined "Common Task Type" for nexus. You can find this by going to Work Centers > Device Administration > Policy Elements > Results < TACACS Profiles > Create new > Use the drop-down for "Common Task Type" and select Nexus. 

I hope this helps!

Thank you for rating helpful posts!

View solution in original post

0 Helpful
5 Replies 5

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎12-08-2019 08:52 PM

What type of support are you looking for?

  • dot1x
  • TrustSec
  • Device administration via RADIUS
  • Device administration via TACACS+

Thank you for rating helpful posts!

0 Helpful

Go to solution
Dhanesh
Cisco Employee
Cisco Employee
In response to nspasov

‎12-08-2019 10:25 PM

Hi,

Thanks Neno for your response.

I am looking for support of AAA (802.1x), Device Administration via TACACS+ (through ISE Device Admin Node).

 

Regards,

Dhanesh.

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to Dhanesh

‎12-08-2019 10:35 PM

  • do1x is going to be a no go for Nexus switches. The idea behind dot1x is to protect access layer ports and Nexus switches are supposed to be in the data center. If a malicious/unauthorized user is able to connect to a switch port in your data center then you have bigger problems to worry about than dot1x :)
  • With regards to TACACS+, it is supported and ISE already has a pre-defined "Common Task Type" for nexus. You can find this by going to Work Centers > Device Administration > Policy Elements > Results < TACACS Profiles > Create new > Use the drop-down for "Common Task Type" and select Nexus. 

I hope this helps!

Thank you for rating helpful posts!

0 Helpful

Go to solution
s1nsp4wn
Level 1
Level 1
In response to nspasov

‎02-10-2021 01:28 PM

Do 9Ks support TrustSec?  It doesn't look like it from the matrix I saw last year.  At least not 9K in NX-OS mode.

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to s1nsp4wn

‎02-10-2021 02:32 PM

The Nexus 9k's do not support TrustSec but you can do data plane translation between ACI EPGs and SGTs. But no TrustSec support like a 7k or catalyst. 

0 Helpful
Customers Also Viewed These Support Documents