Cisco ISE - IPv6/DHCPv6 profiling
Configure Cisco ISE 3.0 Admin Portal and CLI with IPv6
Cisco ISE (Identity Services Engine) IPv6 features by release
You can access and manage a Cisco ISE node over an IPv6 address, and configure an IPv6 address to Eth0 (Interface) during setup wizard as well as through CLI. If you choose to configure IPv6 address, you should also have an IPv4 address configured (in addition to IPv6 address) for the Cisco ISE node communication. Hence, dual stack (combination of both IPv4 and IPv6) is required.
You can also manage Secure Socket Shell (SSH) with IPv6 addresses. Cisco ISE supports multiple IPv6 addresses on any interface and these IPv6 addresses can be configured and managed using CLI.
Network Time Protocol Support
You can access, configure, and manage Network Time Protocol (NTP) servers with IPv4, FQDN, IPv6 addresses, or with a mix of these. Cisco ISE also supports NTP server fallback mechanism and server authentication over an IPv6 address.
Domain Name System Support
You can configure a combination of IPv4 and IPv6 Domain Name System (DNS) servers and even manage IPv4 or IPv6-based DNS servers through CLI and GUI. Static hostnames can be mapped with IPv6 addresses.
You can add an external repository in Cisco ISE with an IPv6 address. Communication between a Cisco ISE node and an IPv6 external repository is possible when the node has an IPv6 address configured to Eth0.
Audit Logs and Reports
You can view the reports relating to login and logout activities, password changes, and operational changes made by you while accessing Cisco ISE through an IPv6 address. These events can be viewed in the audit reports available in the Cisco ISE dashboard.
Simple Network Management Protocol
Simple Network Management Protocol (SNMP) traps and MIBs can be communicated through IPv6 addresses. You can configure IPv4-based, IPv6-based SNMP or multiple SNMP (a mix of IPv4 and IPv6) servers.
Access Control Lists And Dynamic Access Control Lists
From Cisco ISE, Release 2.6, you can define Access Control Lists (ACLs), Dynamic Access Control Lists (DACLs) and Cisco Airespace ACLs with IPv6 addresses.
You can connect to the IPv6 Active Directory from Cisco ISE.
External Restful Service Portal
External Restful Service is available on an IPv6 client.
Syslog Client or Logging Targets
You can configure IPv6-based syslog targets.
You can access RADIUS servers with an IPv6 address.
IPv6 Support for RADIUS
IPv6 addresses are now supported for RADIUS configurations. The IP Address field in the Administration > Network Resources > Network Devices page and the Host IP field in the Administration > Network Resources > External RADIUS Server page now support both IPv4 and IPv6 addresses for RADIUS configurations.
Ipv6 check status: IPv6 addresses can be used in IP SGT static mappings. These mappings can be propagated using SSH or SXP to specific network devices or network device groups.
Create IP static mappings with IPv6 addresses.
IPv6 Support for External ID Store Attributes
Cisco ISE allows you to configure the AD and LDAP server with IPv4 or IPv6 address when you manually add the attribute type IP and authenticate the user.
Support for Network Device with IPv6 Address
Cisco ISE allows you to configure the network devices with IPv4 or IPv6 address. You can also export and import the network devices with IPv4 or IPv6 address.
You can also add IPv4 or IPv6 address for the Device IP address attribute in the conditions and rules used in the authentication and authorization policies.
User custom attribute with ipv6
pxGrid session topic filtering with ipv6
Enable or Disable IPv6 on Each Interface
This release of Cisco ISE provides an option from the CLI to enable or disable IPv6 at the interface level.
Support for IPv6-enabled Endpoints
Cisco ISE can detect, manage, and secure IPv6 traffic from endpoints. You can configure authorization profiles and policies in Cisco ISE using IPv6 attributes to process requests from IPv6-enabled endpoints and ensure that the endpoint is compliant.
IPv6 Support in Reports
Reports in Release 2.0 support IPv6 values. The Live Session and Live Authentication pages also support IPv6 values.
IPv6 Support in CLI
Release 2.0 supports IPv6 in the following CLI commands:
ipv6 address — To allow for static IPv6 address configuration per network interface
ipv6 enable — To enable or disable IPv6 on all network interfaces
ipv6 route — To configure IPv6 static routes
ip host — To add IPv6 addresses in host local table
show ipv6 route — To display IPv6 routes