Cisco Cisco Identity Services Engine 1.3 Guide D’Information
2
Cisco Identity Services Engine Network Component Compatibility, Release 1.3
Supported Network Access Devices
Group Access (SGA), and downloadable access control lists (ACLs), are only supported on Cisco
devices. For a full list of supported Cisco devices, see
devices. For a full list of supported Cisco devices, see
The NADs that are not explicitly listed in
and do not support RADIUS CoA must use inline
posture.
For information on enabling specific functions of Cisco ISE on network switches, see the “Switch and
Wireless LAN Controller Configuration Required to Support Cisco ISE Functions” chapter in
Wireless LAN Controller Configuration Required to Support Cisco ISE Functions” chapter in
.
Note
Some switch models and IOS versions may have reached the end-of-life date and interoperability may
not be fully supported.
not be fully supported.
Caution
To support the Cisco ISE profiling service, use the latest version of NetFlow, which has additional
functionality that is needed to operate the profiler. If you use NetFlow version 5, then you can use
version 5 only on the primary NAD at the access layer, as it will not work anywhere else.
functionality that is needed to operate the profiler. If you use NetFlow version 5, then you can use
version 5 only on the primary NAD at the access layer, as it will not work anywhere else.
For Wireless LAN Controllers, note the following:
•
MAB supports MAC filtering with RADIUS lookup.
•
Support for session ID and COA with MAC filtering provides MAB-like functionality.
•
DNS based ACL feature will be supported in WLC 8.0. Not all Access Points support DNS based
ACL. Refer to Cisco Access Points Release Notes for more details.
ACL. Refer to Cisco Access Points Release Notes for more details.
lists the support for the devices as follows:
•
√
— Fully supported
•
X
— Not supported
•
!
— Limited support, some functionalities are not supported
The following are the functionalities supported by each feature:
Feature
Functionality
AAA
802.1X, MAB, VLAN Assignment, dACL
Profiling
RADIUS CoA and Profiling Probes
BYOD
RADIUS CoA, URL Redirection + SessionID
Guest
RADIUS CoA, URL Redirection + SessionID, Local Web Auth
Posture
RADIUS CoA, URL Redirection + SessionID or IPN
MDM
RADIUS CoA, URL Redirection + SessionID
TrustSec
SGT Classification