Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3398
Views
15
Helpful
3
Replies

ISE Third party support

FraserJohnston62763
Level 1
Level 1

‎11-23-2020 02:49 AM

Hi there, and thank you for reading.

 

Been out of IT infrastructure for a number of years and struggling to get up to speed rapidly.

Im looking at an existing ICE system supporting AAA/ Profiling/BTOD/Guest/Posture services.

We are looking to add some third party switch hardware and door access/cctv endpoints, which we want to be complient with ICE. Am I understanding correctly that the switches just need to support 802.1X, or that need to support 802.1X and have RADIUS and TACACS integration built in?

Do I also understand correctly that ICE can have exceptions for certain nodes and endpoints if there are compatibility issues, but any new devices added to those nodes, a bad actor or such would still be blocked by ICE?

 

Many thanks in Advance

Fraser

0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎11-23-2020 04:12 AM

 

 - Check below link for examples :

            https://community.cisco.com/t5/security-documents/ise-third-party-nad-profiles-and-configs/ta-p/3648719

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

balaji.bandi
Hall of Fame
Hall of Fame

‎11-23-2020 04:48 AM

here is the device matrix based on the version of ISE you running

 

https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-device-support-tables-list.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Mike.Cifelli
VIP Alumni
VIP Alumni

‎11-23-2020 05:36 AM

On top of the links provided take a peek at the ISE Resources links at the top of the 'Network Access Control' community forum as there are really good examples and guides there.  Also, for free tutorials for ISE config demos take a look at: Video: Security | Lab Minutes

Am I understanding correctly that the switches just need to support 802.1X, or that need to support 802.1X and have RADIUS and TACACS integration built in?

-Yes.  Devices will need to be able to support dot1x and radius.  Radius is used between the authenticator (switch) and ISE (authentication server).  Note there are specific licenses (Base) needed to support your typical AAA services.

Do I also understand correctly that ICE can have exceptions for certain nodes and endpoints if there are compatibility issues, but any new devices added to those nodes, a bad actor or such would still be blocked by ICE?

-Yes.  You will utilize your policy sets to steer policy and allow (authorize) good known clients onto the network.  Bad actors should not match any policies and hit the default policy which should be secured (deny access).

HTH!

 

Customers Also Viewed These Support Documents