11-13-2017 10:59 PM
Dear Team
Can you please elaborate on how far, in terms of features, we can support the SMB switches (SF300) with ISE?
Regards,
Samer Ghishan
11-14-2017 12:49 AM
SF300 is not currently in ISE compatibility matrix so it's not tested by our team, but it's likely similar to SMB SG500 entry in Supported Cisco Access Switches.
I would suggest consulting with the SMB platform team, in addition to reading up on the info available on the web, such as
11-14-2017 07:58 PM
There is also the following guide: https://supportforums.cisco.com/t5/small-business-support-documents/windows-integrated-802-1x-authentication-authorization-accouting/ta-p/3146208
...and a recently posted NAD Profile and Config posted here: ISE Third-Party NAD Profiles and Configs
That said, recent feedback from the product team of the Sx300/500 series has stated that MAB is not officially supported, at least not in the way that MAC auth works on IOS devices. The command set is a bit different and there is no Service-Type to help differentiate between 802.1X and MAC Auth. I have not tested myself (and actually ordered a couple switches to do so in my ample spare time!), but believe that it may be possible to discern via MAB EAP. Note that even then, the specific services are limited and may require DNS/DHCP server function on ISE to provide web-based services. This also requires support for CoA. This also requires validation to see if SNMP CoA will work with these models. In short, there are some basic 802.1X capabilities with VLAN assignment. Additional features are either not supported or fully vetted.
/Craig