Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1177
Views
0
Helpful
2
Replies

Switch Configuration Required to Support Cisco ISE Functions

Syed Yasir Imam
Level 1
Level 1

‎08-15-2017 09:28 AM - edited ‎03-11-2019 12:56 AM

https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.html

Above link was very useful to configure switches but new IOS like Denali version 16.3.3 for WS-C3850-12X48U doesnt accept many commands related to profiling and device tracking.

Can some one please help?

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-15-2017 10:10 AM

The new style is known as Identity Based Network Services (IBNS). (The QoS team found a new victim for MQC syntax.)

Have a look at these guides and see if they help:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-729965.html

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-x-series-switches/207193-Configure-IBNS-2-0-for-Single-Host-and-M.html

0 Helpful

Rob Ingram
VIP
VIP

‎08-15-2017 10:22 AM

When you refer to profiling commands I assume you are referring to device sensor? If you are using the IBNS 2.0 commands the syntax for the commands are now access-session xxxxx

So you may need commands such as:

access-session attributes filter-list list FILTER_LIST

 cdp

 lldp

 dhcp

access-session accounting attributes filter-spec include list FILTER_LIST


Ensure you've configured aaa accounting to send to the radius server as this profiling data is encapsulated inside the radius accounting packet.

Check the ISE accounting logs to ensure ISE is receiving the profiling data.

For 3650 I believe device tracking has been enabled as default

0 Helpful
Customers Also Viewed These Support Documents