ISE 2.4 Posture using SNMP COA with extreme switches
This document describes the posture configuration with 3rd party switches (Extreme switch ).
Cisco recommends that you have knowledge of these topics:
• Basic knowledge of SNMP Protocol
• Prior knowledge of regular expressions
• Prior knowledge of Cisco Identity Service Engine (ISE)
• Identity Service Engine 2.4.
• Anyconnect 4.5.03040.
• SNMP Supported Switches
• Extreme Switch.
The information in this document is based on ISE Version 2.4 & extreme switch X440-48p version 16.2.
The information in this document was created from the devices in a specific lab environment. All of the devices
used in this document started with a cleared (default) configuration. If your network is live, ensure that you
understand the potential impact of any command.
Two new feature had been used to get the posture work with extreme switches :
1. Call home list in ISE 2.2 and later :
Extremes switches don't support the URL redirection , so we used this feature to allow AC posture to discover
the PSN and to make a connection with it.
2. SNMP COA separate request in ISE 2.4 :
this feature has been developed in ISE version 2.4 to fix BUG CSCvd06733.
current SNMP CoA sends both values (disable/enable) in same request. The Extreme switch can not perform this request. it requests each value in different request, and this feature fix the compatibility issue with extreme switches.
Step.1 AAA & Dot1X configuration:
- configure radius netlogin primary server (PSN IP address) 1812 client-ip (Switch IP address) vr VR-Default
Hi I have a couple of ASA 5506-X that have some GRE and VPN tunnels pass through.In the past it happened that some tunnels no longer worked. No changes were made and there weren't any drops to the firewall. The problem could only be solved by rebooti...
Hello everyone,I'm looking for a way to exclude a specific application (or a port) from an alarm or from the security event itself.The reason is the "Windows Update Delivery" function causing Addr_Scan events resulting in Recon alarms.I would like to disc...
Good morning I tried to install IPSEC on the above mentioned router, but the router does not accept the commands (I REMOVED MY NAMES AND IP ADDRESS):crypto isakmp policy 1hash md5authentication pre-sharecrypto isakmp key XXXXXXXX address X.X.X.X!!cry...
Good evening! I've set up our Guest self registration portal. It works great! Only two items that are plaguing me right now. When the user self registers, the sponsor receives the email to Approve or Deny. The sponsor clicks ...