Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
317
Views
0
Helpful
1
Replies

ISE

tony.ng011
Level 1
Level 1

‎07-04-2016 09:24 PM - edited ‎03-10-2019 11:54 PM

  • We will upgrade our switches to IOS version 15.2(2)E4. Please check whether the ISE can work with our switches in case of bypass. And, the bypass (failover) mode setting?
  • You suggested to use “SNS-3415 OVA”. However, The appliance 3415 will be eos soon. I afraid the support (and the cisco forum) on the model 3415 will become minority. How about if we use “SNS-3515 OVA”, and any considerations?
  • We are using static IP for end-user notebook now. And, if there is any changing on the notebook’s IP, it will update to our internal DNS server (in Windows AD) .

We would like to know the case after deploying NAC. Is the DHCP server configured in the Windows AD? Also, please share on the change of the update (internal DNS server) process.

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎07-05-2016 12:14 AM

 We will upgrade our switches to IOS version 15.2(2)E4. Please check whether the ISE can work with our switches in case of bypass. And, the bypass (failover) mode setting?

You find this information on the Cisco Identity Services Engine Network Component Compatibility on cisco.com. There you can check it based on your switch models. In case you need a new version of the document, the search term is "ISE compatibility".

You suggested to use “SNS-3415 OVA”. However, The appliance 3415 will be eos soon. I afraid the support (and the cisco forum) on the model 3415 will become minority. How about if we use “SNS-3515 OVA”, and any considerations?

At least this was the former actual OVA to install from. Now where the 3515 is available you are free to use that (I would). For support, it's more important what you run inside your VM.

We are using static IP for end-user notebook now. And, if there is any changing on the notebook’s IP, it will update to our internal DNS server (in Windows AD) .

I would rethink this design. Nowadays you get the most security when you put as many clients as possible on DHCP (with or without reservation). With DHCP you can run additional security-services like DHCP-snooping and ARP-inspection. DHCP-Snooping is also important for your dACLs to work correctly.

0 Helpful
Customers Also Viewed These Support Documents