Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
15098
Views
6
Helpful
1
Comments

Cisco ISE (Identity Services Engine) IPv6 support

howon
Cisco Employee
Cisco Employee

on ‎10-05-2021 06:58 PM - edited on ‎11-22-2024 09:53 AM by Cisco Employee

 

Related documents

Cisco ISE - IPv6/DHCPv6 profiling

Configure Cisco ISE 3.0 Admin Portal and CLI with IPv6

Cisco ISE (Identity Services Engine) IPv6 features by release

3.3

IPv6 Support for Portals and Posture Features

Cisco ISE Release 3.3 adds IPv6 support for the following portals, and features in ISE portal and posture.

Cisco ISE Portals with IPv6 Support

  • Sponsor Portal and MyDevices Portal
  • Client Provisioning Portal and Certificate Provisioning Portal
  • Guest Portals (Hotspot, Self-Registrated, and Sponsored)
  • Blocked List Portal

 

Cisco ISE Portal Features with IPv6 Support

  • Single Click Sponsor Approval
  • Auto Login and Grace Period
  • Validation of Credentials for Guest Portal
  • Guest Portal Posture Flow using Temporal Agent
  • 802.1X / VPN - Posture Flow with Cisco Secure Client / AnyConnect

 

Cisco ISE Posture Features with IPv6 Support

  • Cisco Secure Client
  • Cisco ISE Temporal Agent
  • Agentless

NOTE: The static IP/host name/FQDN field in the common task for web redirection in an authorization profile does not accept an IPv6 address. Instead, specify an FQDN there and make sure the clients able to resolve it to the IPv6 address of the ISE PSN that authenticates them to the network.

 

2.6

ISE Management

You can access and manage a Cisco ISE node over an IPv6 address, and configure an IPv6 address to Eth0 (Interface) during setup wizard as well as through CLI. If you choose to configure IPv6 address, you should also have an IPv4 address configured (in addition to IPv6 address) for the Cisco ISE node communication. Hence, dual stack (combination of both IPv4 and IPv6) is required.
You can also manage Secure Socket Shell (SSH) with IPv6 addresses. Cisco ISE supports multiple IPv6 addresses on any interface and these IPv6 addresses can be configured and managed using CLI.

Network Time Protocol Support

You can access, configure, and manage Network Time Protocol (NTP) servers with IPv4, FQDN, IPv6 addresses, or with a mix of these. Cisco ISE also supports NTP server fallback mechanism and server authentication over an IPv6 address.

Domain Name System Support

You can configure a combination of IPv4 and IPv6 Domain Name System (DNS) servers and even manage IPv4 or IPv6-based DNS servers through CLI and GUI. Static hostnames can be mapped with IPv6 addresses.

External Repositories

You can add an external repository in Cisco ISE with an IPv6 address. Communication between a Cisco ISE node and an IPv6 external repository is possible when the node has an IPv6 address configured to Eth0.

Audit Logs and Reports

You can view the reports relating to login and logout activities, password changes, and operational changes made by you while accessing Cisco ISE through an IPv6 address. These events can be viewed in the audit reports available in the Cisco ISE dashboard.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) traps and MIBs can be communicated through IPv6 addresses. You can configure IPv4-based, IPv6-based SNMP or multiple SNMP (a mix of IPv4 and IPv6) servers.

Access Control Lists And Dynamic Access Control Lists

From Cisco ISE, Release 2.6, you can define Access Control Lists (ACLs), Dynamic Access Control Lists (DACLs) and Cisco Airespace ACLs with IPv6 addresses.

Active Directory

You can connect to the IPv6 Active Directory from Cisco ISE.

External Restful Service Portal

External Restful Service is available on an IPv6 client.

Syslog Client or Logging Targets

You can configure IPv6-based syslog targets.

Posture

You can access RADIUS servers with an IPv6 address.


2.4

IPv6 Support for RADIUS

IPv6 addresses are now supported for RADIUS configurations. The IP Address field in the Administration > Network Resources > Network Devices page and the Host IP field in the Administration > Network Resources > External RADIUS Server page now support both IPv4 and IPv6 addresses for RADIUS configurations.

SGT

Ipv6 check status: IPv6 addresses can be used in IP SGT static mappings. These mappings can be propagated using SSH or SXP to specific network devices or network device groups.
Create IP static mappings with IPv6 addresses.

 

2.3

IPv6 Support for External ID Store Attributes

Cisco ISE allows you to configure the AD and LDAP server with IPv4 or IPv6 address when you manually add the attribute type IP and authenticate the user.

Support for Network Device with IPv6 Address

Cisco ISE allows you to configure the network devices with IPv4 or IPv6 address. You can also export and import the network devices with IPv4 or IPv6 address.
You can also add IPv4 or IPv6 address for the Device IP address attribute in the conditions and rules used in the authentication and authorization policies.

IPv6 TACACS Support for:

  • Network Devices
  • TACACS Authentication
  • TACACS Authorization
  • TACACS Accounting
  • Connection modes
  • Live Logs and Reporting
  • Proxy (AAA, Accounting- local, remote)

 

2.2

User custom attribute with ipv6

pxGrid session topic filtering with ipv6

 

2.1

Enable or Disable IPv6 on Each Interface

This release of Cisco ISE provides an option from the CLI to enable or disable IPv6 at the interface level.

 

2.0

Support for IPv6-enabled Endpoints

Cisco ISE can detect, manage, and secure IPv6 traffic from endpoints. You can configure authorization profiles and policies in Cisco ISE using IPv6 attributes to process requests from IPv6-enabled endpoints and ensure that the endpoint is compliant.

IPv6 Support in Reports

Reports in Release 2.0 support IPv6 values. The Live Session and Live Authentication pages also support IPv6 values.

IPv6 Support in CLI

Release 2.0 supports IPv6 in the following CLI commands:

ipv6 address — To allow for static IPv6 address configuration per network interface

ipv6 enable — To enable or disable IPv6 on all network interfaces

ipv6 route — To configure IPv6 static routes

ip host — To add IPv6 addresses in host local table

show ipv6 route — To display IPv6 routes

 

Comments
Lyn17
Level 1
Level 1
‎05-23-2023 08:40 AM

I can't access the ISE GUI using it's configured IPv6 address(https://[valid_ipv6]. I'm able to ssh using IPv6 address.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents