ISE 2.4 Posture using SNMP COA with extreme switches
This document describes the posture configuration with 3rd party switches (Extreme switch ).
Cisco recommends that you have knowledge of these topics:
• Basic knowledge of SNMP Protocol
• Prior knowledge of regular expressions
• Prior knowledge of Cisco Identity Service Engine (ISE)
• Identity Service Engine 2.4.
• Anyconnect 4.5.03040.
• SNMP Supported Switches
• Extreme Switch.
The information in this document is based on ISE Version 2.4 & extreme switch X440-48p version 16.2.
The information in this document was created from the devices in a specific lab environment. All of the devices
used in this document started with a cleared (default) configuration. If your network is live, ensure that you
understand the potential impact of any command.
Two new feature had been used to get the posture work with extreme switches :
1. Call home list in ISE 2.2 and later :
Extremes switches don't support the URL redirection , so we used this feature to allow AC posture to discover
the PSN and to make a connection with it.
2. SNMP COA separate request in ISE 2.4 :
this feature has been developed in ISE version 2.4 to fix BUG CSCvd06733.
current SNMP CoA sends both values (disable/enable) in same request. The Extreme switch can not perform this request. it requests each value in different request, and this feature fix the compatibility issue with extreme switches.
Step.1 AAA & Dot1X configuration:
- configure radius netlogin primary server (PSN IP address) 1812 client-ip (Switch IP address) vr VR-Default
Hi, I have a 4 FTD FW ( 2 FP2130 & 2 FP 2110 ) managed by FMC v 6.5.0 I have 4 critical health monitor notification ( threat data updates on devices cisco cloud configuration - failure ) at each FWI don`t know what the meaning of ...
Currently having an issue with an ASA I am configuring where the NAT rules are being ignored. I am able to get to the external IP of the ASA but not to any devices on the inside. Connecting directly onto a server on the inside, I can see that ...
I have two ASAs connected successfully via a point to point vpn. Then I have another successfully connected Site to Site VPN between the second ASA to Azure's cloud. Now I want to allow the first ASAs subnets to access the Azure Cloud subnets ...
Hello, I am working on a MAB protocol Wireless SSID. I would like guests and employee byod to join this singular portal & SSID. I do not wish to provision BYOD. Here is the thread I am working from:https://community.cisco.com/t5/network-acc...
To participate in this event, please use the button to ask your questions
This topic is a chance to clarify your questions about Cisco Email Security Appliance (ESA) solutions.
Ask questions from ...