Non-compatible switches and ISE

ankaushi
Cisco Employee

There are a few switches in the environment which are not supported with ISE as per the Cisco ISE compatibility matrix. The customer has a concern, as there are a lot of switches which are not compatible and upgrading these switches is a big investment. I was looking through the options and found out that ISE 2.1 has SNMP CoA for the non-compatible switches. But I could not find the document which states the use case that would be supported by SNMP CoA.

Use cases implemented in this environment on Wired

  1. Corporate users using corporate machine – Dot1x authentication using certificates (User + Machine) and Posture assessment.
  2. Third Party users/Corporate users using non-corporate devices – CWA + BYOD onboarding + Profiling + Posture
  3. Guest Users – Guest authentication

Existing non-compatible switch models

Catalyst 355024 PWR

Catalyst 356024 PS

Catalyst 356048 PS

Cisco Catalyst 3560-8PC

Cisco WSC 6513

Cisco WS-C6513

WS-C3750-24PS-S

WS-C3750-48PS-S

WS-C6513

1 Accepted Solution

Timothy Abbott
Cisco Employee

Hi,

There are several in that list that are compatible.  Specifically the 3560s.  We don't call out individual port designations such as 24, 48, etc.  They should work fine.  The older switches aren't included in the compatibility matrix because they have been EoL.  We typically drop them from the matrix when this occurs.  That doesn't necessarily mean they will not work with ISE.  In addition to SNMP CoA, you could also explore the other 3rd party features such as DHCP and DNS sinkholing that will allow support for devices that don't support RADIUS CoA or URL-Redirect with session ID.

Regards,

-Tim

Thanks Tim.

Regards,

Anshul