cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
922
Views
0
Helpful
4
Replies

Passive ID support with HP 5120 EI Switch

Keith Simmons
Cisco Employee
Cisco Employee

Team,

We are the middle of a ISE POV and we are validating ISE functionality with a HP 5120 EI Switch based on the configuration template below.

We have validated traditional vlan assignment with the config template below works but when we try to turn on passive id under the HP Network Device Profile there is no option for passive identity tracking. W e also tried duplicating the profile and there also is no option to do so.

I was under the impression that Passive-ID has no NAD dependencies other than sending a Radius or SNMP COA to the NAD to change the endpoints authorization state.

Is passive id tracking  supported or not supported with 3rd Party vendors

Please advise

HP-HEC-A550-NAD-Config

https://communities.cisco.com/servlet/JiveServlet/previewBody/70347-102-2-133289/HP-H3C-A5500-NAD-Config.pdf

4 Replies 4

howon
Cisco Employee
Cisco Employee

3rd party NAD with Easy Connect or PID has not been officially tested. If you simply want to expose PID Tracking in the UI, then simply copy one of the Cisco NAD profile and modify it to match settings of the HP device profile. Aside from CoA, note that PID session merge uses IP address as common attribute between network event and AD event and if the HP device is not capable of sending IP via RADIUS accounting, ISE will not be able to merge the two events.

This suggestion does not work.

Below is what i did:

1. Copy Cisco ND profile

2. Renamed the Profile to "HPNewNADProfile"

2. Replicated the  HP ND switch profile Config into new Cisco Profile named "HPNewNADProfile"

Results are as followed.

1. No option for passive id checking in the Authz Profile

2. Tried to auth a endpoint with new profile and recieved

15052Authorization profile/s specified are not suited for this Network Access Device
15039Rejected per authorization profile
11003Returned RADIUS Access-Reject

I must be configuring something wrong please advise

mulatif

Try duplicating the HP Profile and setting vendor to Cisco.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: