ISE 2.4 Posture using SNMP CoA with Extreme switches
This document describes the posture configuration with third-party switches (Extreme switches).
Cisco recommends that you have knowledge of these topics:
• Basic knowledge of SNMP Protocol
• Prior knowledge of regular expressions
• Prior knowledge of Cisco Identity Service Engine (ISE)
• Identity Service Engine 2.4.
• AnyConnect 4.5.03040.
• SNMP Supported Switches
• Extreme Switch.
The information in this document is based on ISE Version 2.4 and Extreme switch X440-48p version 16.2.
The information in this document was created from the devices in a specific lab environment. All of the devices
used in this document started with a cleared (default) configuration. If your network is live, ensure that you
understand the potential impact of any command.
Two new features are used to get posture working with Extreme switches:
1. Call Home list in ISE 2.2 and later:
Extreme switches don't support URL redirection, so this feature is used to allow AC posture to discover
the PSN and to make a connection with it.
2. SNMP CoA separate request in ISE 2.4:
This feature was developed in ISE version 2.4 to fix bug CSCvd06733.
Without this feature, SNMP CoA sends both values (disable/enable) in the same request. The Extreme switch cannot perform this request; it requires each value in a separate request. This feature fixes the compatibility issue with Extreme switches.
Step 1. AAA & Dot1X configuration:
- configure radius netlogin primary server (PSN IP address) 1812 client-ip (Switch IP address) vr VR-Default