ISE 2.4 Posture Using SNMP CoA with Extreme Switches
This document describes posture configuration with third-party switches (Extreme switch).
Cisco recommends that you have knowledge of these topics:
• Basic knowledge of SNMP Protocol
• Prior knowledge of regular expressions
• Prior knowledge of Cisco Identity Service Engine (ISE)
• Identity Service Engine 2.4.
• AnyConnect 4.5.03040.
• SNMP Supported Switches
• Extreme Switch.
The information in this document is based on ISE version 2.4 and Extreme switch X440-48p version 16.2.
The information in this document was created from the devices in a specific lab environment. All of the devices
used in this document started with a cleared (default) configuration. If your network is live, ensure that you
understand the potential impact of any command.
Two new features were used to get posture to work with Extreme switches:
1. Call home list in ISE 2.2 and later:
Extreme switches don't support URL redirection, so we used this feature to allow AnyConnect (AC) posture to discover the PSN and make a connection with it.
2. SNMP CoA separate request in ISE 2.4:
This feature was developed in ISE version 2.4 to fix bug CSCvd06733.
Without this feature, SNMP CoA sends both values (disable/enable) in the same request. The Extreme switch cannot perform this request; it requires each value in a separate request, and this feature fixes the compatibility issue with Extreme switches.
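The two request shapes described in item 2, encoded as SNMPv2c SetRequest messages (an added example, not from the original document or from Cisco). It assumes the disable/enable values are IF-MIB ifAdminStatus down(2)/up(1); the ifIndex 1001, the community string "example" and the function names are constructed for illustration.

```python
# Added example: SNMPv2c SetRequest, one combined request vs. two separate ones.
# Assumptions (not from the page): disable/enable = IF-MIB ifAdminStatus
# down(2)/up(1); ifIndex and community string are constructed sample values.
IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"  # IF-MIB::ifAdminStatus
DOWN, UP = 2, 1

def tlv(tag, payload):
    """BER tag-length-value; long-form length from 128 bytes upward."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + payload

def ber_int(value):
    """Non-negative INTEGER; adds a leading zero byte when the top bit is set."""
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def set_request(request_id, varbinds, community=b"example"):
    """Message = SEQUENCE { version, community, SetRequest-PDU (tag 0xA3) }."""
    vbl = b"".join(tlv(0x30, ber_oid(o) + ber_int(v)) for o, v in varbinds)
    pdu = tlv(0xA3, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, vbl))
    return tlv(0x30, ber_int(1) + tlv(0x04, community) + pdu)  # version 1 = v2c

def combined_bounce(if_index):
    """Both values in the same request: one message carrying two varbinds."""
    oid = f"{IF_ADMIN_STATUS}.{if_index}"
    return [set_request(1, [(oid, DOWN), (oid, UP)])]

def separate_bounce(if_index):
    """Each value in its own request: two messages, one varbind each."""
    oid = f"{IF_ADMIN_STATUS}.{if_index}"
    return [set_request(1, [(oid, DOWN)]), set_request(2, [(oid, UP)])]

if __name__ == "__main__":
    for name, msgs in (("combined", combined_bounce(1001)), ("separate", separate_bounce(1001))):
        for m in msgs:
            print(name, len(m), m.hex())
```

In a packet capture between the PSN and the switch, the separate form appears as two SetRequest PDUs with different request IDs rather than one PDU with two variable bindings.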
Step 1. AAA and Dot1X configuration:
- configure radius netlogin primary server (PSN IP address) 1812 client-ip (Switch IP address) vr VR-Default