Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1971
Views
5
Helpful
4
Replies

Switches capable of dynamic vlan assignment

Go to solution
islow1303
Level 1
Level 1

‎03-10-2017 03:47 AM - edited ‎03-11-2019 12:32 AM

Hello together,

I have a question:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Which versions of Cisco layer 2 or 3 switches are able to automatically assign VLANs to the switchport (using cisco ISE)?       +

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I have a configured a dot1x LAN authentification using a cisco switch and cisco ISE. 

Switch >> Model: WS-C2960G-8TC-L | SW Version: 12.2(50)SE5  (test device)

Now that was just a test and it turned out to be quite positive, however I had to manually assign the VLAN on the switchport. I prefer the switchport to be assigned automatically after negotiating the ISE Authentification and Authorziation...


I need to know which switches and versions are unable to do so and which switches are up to the job. I have several switches available 2950G, 2950XS, 2960G, 2960S, 2960XR & 3850. 

Please do not send me any cisco doc link which are around 3000 pages. A simple and certain answer would be appreciated.

Thank you

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-11-2017 07:01 AM

There is an ISE Compatibility guide that covers exaclty what you are asking. It's not 3000 pages but 24 pages. If you're working much with ISE, it should be on your short list for reference.

http://www.cisco.com/c/en/us/td/docs/security/ise/2-2/compatibility/ise_sdt.html#13367

From it, I've excerpted below the Cat 2k (and Cat 3850) switch models supported for AAA (inncluding VLAN assignment).

The IOS levels are validated (first line) and minimium (second line). 12.2(55)SE10 is really the oldest IOS you want to be working with with respect to ISE. Anything earlier won't give full support (and you may need to go newer based on the hardware requirement). Some things not on the list MAY work, but Cisco doesn't guarantee it.

Catalyst 2960 LAN Base

IOS 12.2(55)SE10

IOS v12.2(55)SE5

Catalyst 2960-C

Catalyst 3560-C

IOS 15.2(2)E4

IOS 12.2(55)EX3

Catalyst 2960-Plus

Catalyst 2960-SF

IOS 15.2(2)E4

IOS 15.0(2)SE7

Catalyst 2960-S

IOS 15.0.2-SE10a

IOS 12.2.(55)SE5

Catalyst 2960–XR
Catalyst 2960–X

IOS 15.2(2)E5
IOS 15.2(4)E2

IOS 15.0.2A-EX5

Catalyst 2960-CX

Catalyst 3560-CX

IOS 15.2(3)E1

IOS 15.2(3)E

Catalyst 3850

IOS-XE 3.6.5E

IOS-XE 3.3.5.E

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to islow1303

‎03-13-2017 05:55 AM

Yes - that IOS is from about 4-5 years ago when I first started working with ISE.

I recall at the time that 12.2(55) was the reference image for base ISE functionality. It had a few bugs initially but they seem to have gotten them sorted out around maintenance release SE8 and later. 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-11-2017 07:01 AM

There is an ISE Compatibility guide that covers exaclty what you are asking. It's not 3000 pages but 24 pages. If you're working much with ISE, it should be on your short list for reference.

http://www.cisco.com/c/en/us/td/docs/security/ise/2-2/compatibility/ise_sdt.html#13367

From it, I've excerpted below the Cat 2k (and Cat 3850) switch models supported for AAA (inncluding VLAN assignment).

The IOS levels are validated (first line) and minimium (second line). 12.2(55)SE10 is really the oldest IOS you want to be working with with respect to ISE. Anything earlier won't give full support (and you may need to go newer based on the hardware requirement). Some things not on the list MAY work, but Cisco doesn't guarantee it.

Catalyst 2960 LAN Base

IOS 12.2(55)SE10

IOS v12.2(55)SE5

Catalyst 2960-C

Catalyst 3560-C

IOS 15.2(2)E4

IOS 12.2(55)EX3

Catalyst 2960-Plus

Catalyst 2960-SF

IOS 15.2(2)E4

IOS 15.0(2)SE7

Catalyst 2960-S

IOS 15.0.2-SE10a

IOS 12.2.(55)SE5

Catalyst 2960–XR
Catalyst 2960–X

IOS 15.2(2)E5
IOS 15.2(4)E2

IOS 15.0.2A-EX5

Catalyst 2960-CX

Catalyst 3560-CX

IOS 15.2(3)E1

IOS 15.2(3)E

Catalyst 3850

IOS-XE 3.6.5E

IOS-XE 3.3.5.E

Go to solution
islow1303
Level 1
Level 1
In response to Marvin Rhoads

‎03-13-2017 03:49 AM

Thank you for the doc. and relevant information Mr. Rhoads.

I believe that my test switch is not assigning VLAN's automatically due to the fact it runs on version 12.2(50)SE5. (Just an assumption based on what I see)

Kind regards

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to islow1303

‎03-13-2017 05:55 AM

Yes - that IOS is from about 4-5 years ago when I first started working with ISE.

I recall at the time that 12.2(55) was the reference image for base ISE functionality. It had a few bugs initially but they seem to have gotten them sorted out around maintenance release SE8 and later. 

0 Helpful

Go to solution
islow1303
Level 1
Level 1
In response to Marvin Rhoads

‎03-14-2017 08:33 AM

Certainly more than just a few bugs :-) 

Preview file
107 KB
0 Helpful
Customers Also Viewed These Support Documents