Cisco Cisco Identity Services Engine 2.1 Guía De Información

For third-party VPN concentrators to integrate with Cisco ISE, the following authentication, 
authorization, and accounting (AAA) attributes must be included in RADIUS communication:

Calling-Station-Id (for MAC_ADDRESS)

USER_NAME

NAS_PORT_TYPE

Also, for VPN devices, the RADIUS accounting message must have the framed-ip-address attribute set 
to the VPN client’s IP address pool.

Refer to

 for more information.

ISR 88x, 89x Series IOS 15.3.2T(ED)

IOS 15.2(2)T

ISR 19x, 29x, 39x 
Series

IOS 15.3.2T(ED)

IOS 15.2(2)T

SGR 2010

IOS 15.3.2T(ED)

IOS 15.3.2T(ED)

4451-X
SM-X L2/L3 
Ethermodule

IOS-XE 3.11

IOS-XE 3.11

ASA 5500, ASA 
5500-X (Remote 
Access Only)

ASA 9.2.1

NA

NA

NA

ASA 9.1.5

NA

NA

NA

Meraki MX 
Platforms

Latest Version

Latest Version

1.

Recommended OS is the version tested for compatibility and stability.

2.

For a complete list of Cisco TrustSec feature support, see 

3.

Minimum OS is the version in which the features got introduced.

4.

Cisco Wireless LAN Controllers (WLCs) and Wireless Service Modules (WiSMs) do not support downloadable ACLs (dACLs), but support named 
ACLs. Autonomous AP deployments do not support endpoint posturing. Profiling services are supported for 802.1X-authenticated WLANs starting from 
WLC release 7.0.116.0 and for MAB-authenticated WLANs starting from WLC 7.2.110.0. FlexConnect, previously known as Hybrid Remote Edge 
Access Point (HREAP) mode, is supported with central authentication configuration deployment starting from WLC 7.2.110.0. For additional details 
regarding FlexConnect support, refer to the release notes for the applicable wireless controller platform.