cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

776
Views
0
Helpful
2
Replies
Highlighted

ISE web auth for non-cisco switch(D-link 3528)

Is it possible to use ISE(inline posture node) to redirect the wired users to ISE guest portal ?

And the wired users will get full network access after they pass the web auth.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Hello,It could theorically

Hello,

It could theorically work if the switch is able to send all attributes in accounting packets, such as IP address and mac address in calling station-id. If the attributes are missing or incorrect, the iPEP ISE will never create the session (see show pep table session).

Being that said, that probably never have been tested, so you might want to reconsider your design as there are no guarantee this can ever work.

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Hello,It could theorically

Hello,

It could theorically work if the switch is able to send all attributes in accounting packets, such as IP address and mac address in calling station-id. If the attributes are missing or incorrect, the iPEP ISE will never create the session (see show pep table session).

Being that said, that probably never have been tested, so you might want to reconsider your design as there are no guarantee this can ever work.

View solution in original post

Highlighted
Cisco Employee

you can use ISE ln-line

you can use ISE ln-line posture node with 3rd part switches

 

RADIUS access device must supply the following RADIUS attributes:

 

    Calling-Station-Id (for MAC_ADDRESS)

    User-Name

    NAS-Port-Type

    RADIUS accounting message must have the Framed-IP-Address attribute

 

VLAN, DACL features can be used  but again it depends on switch models let us know  specific switch  models . Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality,