Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9581
Views
10
Helpful
10
Replies

ISE with Dell switches

Go to solution
ymadheka
Level 4
Level 4

‎03-02-2017 10:42 PM

Hi Folks,

Has anyone had experience of ISE working with Dell switches, since it is not listed in the compatibility matrix is there any tested list of features that can worked upon.

Appreciate for any help.

Thanks & Regards,

Yogesh Madhekar

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to ymadheka

‎03-03-2017 06:51 AM

Yogesh,

We haven't tested with Dell switches.  That's why they aren't listed in the compatibility matrix. ISE is a standards-based RADIUS server.  So long as they are standards compliant we will work with them.  For advanced use case support, the switches will need to support RADIUS CoA and some form of URL-redirection.

Regards,

-Tim

View solution in original post

0 Helpful
10 Replies 10

Go to solution
ymadheka
Level 4
Level 4

‎03-02-2017 10:43 PM

The customer is using the below Dell switches:

N 2048P  --- Layer 2 Switch

N 4064F --- Layer 3 Switch

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to ymadheka

‎03-03-2017 06:51 AM

Yogesh,

We haven't tested with Dell switches.  That's why they aren't listed in the compatibility matrix. ISE is a standards-based RADIUS server.  So long as they are standards compliant we will work with them.  For advanced use case support, the switches will need to support RADIUS CoA and some form of URL-redirection.

Regards,

-Tim

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎03-03-2017 06:57 AM

Please do keep in mind even if the switches don't support URL redirect or RADIUS COA it may work with new feature in ISE 2.1

Please check out this guide for 3rd party support and other scenarios.

Will need to validate this and test in the lab with the switches

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01000.html#concept_CDD87F6FE3A54351B27FF35316A23DA3

0 Helpful

Go to solution
leonardo_neves
Level 1
Level 1

‎03-08-2021 10:13 AM

Yes, it works.

 

I've already deployed ISE with N2000 Series using Dell OS 6. DOT1X, Mab Authentication, dACL or Filter-ID and Dynamic Vlan Assignment. You just need to create the authorization profiles attributes manually.

cisco-av-pair for dACL, Tunnel-medium-type and so on.

 

Dell OS 6.6 also supports CoA and URL-Redirect but I didn't deployed it.

 

 

Go to solution
Guillermo F.
Level 1
Level 1
In response to leonardo_neves

‎05-12-2022 09:07 AM

Hello Leonardo,

I'm actually working on a project integrating Dell (N Series) NAD's into ISE and would appreciate a clean copy of the switch config if you can provide it. I have the Cisco config but I would like to compare it to Dell's

Thanks!

0 Helpful

Go to solution
leonardo_neves
Level 1
Level 1
In response to Guillermo F.

‎05-12-2022 10:12 AM

Hi Guilhermo,

 

Follow the last firmware version that I've implemented, using this version I also validated TACACS+ and Downloadable ACL via Dot1x, and works really fine.

 

The script bellow does not have TACACS+ and dACL but you can find how to configure easily on manuals.

 

!System Description "Dell EMC Networking N2048, 6.6.0.13, Linux 3.6.5-e3cd5a07, Not Available"
!System Software Version 6.6.0.13
!
authentication enable
authentication dynamic-vlan enable
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
mab request format attribute 1 groupsize 12 separator . lowercase
radius server auth 1.1.1.1
name "RADIUS_NAME"
timeout 3
retransmit 5
key 7 "MY_KEY"
exit
!
interface Gi1/0/1
spanning-tree portfast
switchport mode general
authentication host-mode multi-auth
mab
authentication order mab dot1x
exit
!

0 Helpful

Go to solution
jlaguerre
Level 1
Level 1
In response to leonardo_neves

‎02-07-2023 06:34 AM

Hi Leonardo, I am trying to connect a Dell 3524P switch to ISE with no luck. Any assistance will be greatly appreciated. I have downloaded the Dell EMC Vendor Specific RADIUS Dictionaries for ISE from the following link https://www.network-node.com/blog/2018/11/10/vendor-specific-dictionaries-for-ise and imported into ISE. I add switch as NAD using profile created from VSA, and configured my switch with configs from above. Checking my live logs on ISE, I am not seeing any activity for the Dell Switch, not even a Deny Access. 

0 Helpful

Go to solution
esotelo86
Level 1
Level 1
In response to leonardo_neves

‎11-27-2023 06:37 PM

Hi Leonardo.

Could you help me on how to configure the authorization profile?
I have not been able to get the posture to work.



 

0 Helpful

Go to solution
Matteo Abrile
Level 1
Level 1

‎05-26-2022 06:15 AM

Hello,

some one have network device profiles for DELL series N ?

Thanks

 

M.

0 Helpful
Customers Also Viewed These Support Documents