Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
4116
Views
5
Helpful
0
Comments

Cisco ISE (Identity Services Engine) IPv6 support

howon
Cisco Employee
Cisco Employee

‎10-05-2021 06:58 PM - edited ‎02-01-2022 10:59 AM

 

Related documents

Cisco ISE - IPv6/DHCPv6 profiling

Configure Cisco ISE 3.0 Admin Portal and CLI with IPv6

Cisco ISE (Identity Services Engine) IPv6 features by release

2.6

ISE Management

You can access and manage a Cisco ISE node over an IPv6 address, and configure an IPv6 address to Eth0 (Interface) during setup wizard as well as through CLI. If you choose to configure IPv6 address, you should also have an IPv4 address configured (in addition to IPv6 address) for the Cisco ISE node communication. Hence, dual stack (combination of both IPv4 and IPv6) is required.
You can also manage Secure Socket Shell (SSH) with IPv6 addresses. Cisco ISE supports multiple IPv6 addresses on any interface and these IPv6 addresses can be configured and managed using CLI.

Network Time Protocol Support

You can access, configure, and manage Network Time Protocol (NTP) servers with IPv4, FQDN, IPv6 addresses, or with a mix of these. Cisco ISE also supports NTP server fallback mechanism and server authentication over an IPv6 address.

Domain Name System Support

You can configure a combination of IPv4 and IPv6 Domain Name System (DNS) servers and even manage IPv4 or IPv6-based DNS servers through CLI and GUI. Static hostnames can be mapped with IPv6 addresses.

External Repositories

You can add an external repository in Cisco ISE with an IPv6 address. Communication between a Cisco ISE node and an IPv6 external repository is possible when the node has an IPv6 address configured to Eth0.

Audit Logs and Reports

You can view the reports relating to login and logout activities, password changes, and operational changes made by you while accessing Cisco ISE through an IPv6 address. These events can be viewed in the audit reports available in the Cisco ISE dashboard.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) traps and MIBs can be communicated through IPv6 addresses. You can configure IPv4-based, IPv6-based SNMP or multiple SNMP (a mix of IPv4 and IPv6) servers.

Access Control Lists And Dynamic Access Control Lists

From Cisco ISE, Release 2.6, you can define Access Control Lists (ACLs), Dynamic Access Control Lists (DACLs) and Cisco Airespace ACLs with IPv6 addresses.

Active Directory

You can connect to the IPv6 Active Directory from Cisco ISE.

External Restful Service Portal

External Restful Service is available on an IPv6 client.

Syslog Client or Logging Targets

You can configure IPv6-based syslog targets.

Posture

You can access RADIUS servers with an IPv6 address.


2.4

IPv6 Support for RADIUS

IPv6 addresses are now supported for RADIUS configurations. The IP Address field in the Administration > Network Resources > Network Devices page and the Host IP field in the Administration > Network Resources > External RADIUS Server page now support both IPv4 and IPv6 addresses for RADIUS configurations.

SGT

Ipv6 check status: IPv6 addresses can be used in IP SGT static mappings. These mappings can be propagated using SSH or SXP to specific network devices or network device groups.
Create IP static mappings with IPv6 addresses.

 

2.3

IPv6 Support for External ID Store Attributes

Cisco ISE allows you to configure the AD and LDAP server with IPv4 or IPv6 address when you manually add the attribute type IP and authenticate the user.

Support for Network Device with IPv6 Address

Cisco ISE allows you to configure the network devices with IPv4 or IPv6 address. You can also export and import the network devices with IPv4 or IPv6 address.
You can also add IPv4 or IPv6 address for the Device IP address attribute in the conditions and rules used in the authentication and authorization policies.

 

2.2

User custom attribute with ipv6

pxGrid session topic filtering with ipv6

 

2.1

Enable or Disable IPv6 on Each Interface

This release of Cisco ISE provides an option from the CLI to enable or disable IPv6 at the interface level.

 

2.0

Support for IPv6-enabled Endpoints

Cisco ISE can detect, manage, and secure IPv6 traffic from endpoints. You can configure authorization profiles and policies in Cisco ISE using IPv6 attributes to process requests from IPv6-enabled endpoints and ensure that the endpoint is compliant.

IPv6 Support in Reports

Reports in Release 2.0 support IPv6 values. The Live Session and Live Authentication pages also support IPv6 values.

IPv6 Support in CLI

Release 2.0 supports IPv6 in the following CLI commands:

ipv6 address — To allow for static IPv6 address configuration per network interface

ipv6 enable — To enable or disable IPv6 on all network interfaces

ipv6 route — To configure IPv6 static routes

ip host — To add IPv6 addresses in host local table

show ipv6 route — To display IPv6 routes

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Quick Links
Discussions
Customers Also Viewed These Support Documents