04-25-2024 02:11 PM
Hello,
I have seen in several places this commands as best practice.
Are they still needed/helpful ?
-epm logging
-logging host <ISE_IP_address_x> transport udp port 20514
-epm access-control open or access-session acl default passthrough
-device classifier
thank you
regards
04-25-2024 04:41 PM
Hello
-epm logging
Not required - legacy troubleshooting thing for very early ISE releases.
-logging host <ISE_IP_address_x> transport udp port 20514
Nope - that was a very early ISE requirement - but ISE will not enrich its Live Logs with the SYSLOGs of Network Devices.
-epm access-control open or access-session acl default passthrough
Not required - legacy troubleshooting thing for very early ISE releases.
-device classifier
Nope - You only need the IOS Device-Sensor these days. IOS Device Classifier is a handy mechanism to decode the MAC OUI Prefixes into something more human readable. But it's not needed for NAC or for ISE.
There is an old thread that explains some of the history too.
04-26-2024 07:02 AM
Hello,
thanks for the reply.
Is there a current switch config guide for best practices by Cisco?
Thank you.
04-26-2024 08:00 AM
I would recommend these two links to start with:
Switch Configuration for ISE dot1x — Networking fun (network-node.com)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide