Cisco Cisco Identity Services Engine 1.3 Guide D’Information

Group Access (SGA), and downloadable access control lists (ACLs), are only supported on Cisco 
devices. For a full list of supported Cisco devices, see 

The NADs that are not explicitly listed in 

 and do not support RADIUS CoA must use inline 

posture.

For information on enabling specific functions of Cisco ISE on network switches, see the “Switch and 
Wireless LAN Controller Configuration Required to Support Cisco ISE Functions” chapter in

.

Some switch models and IOS versions may have reached the end-of-life date and interoperability may 
not be fully supported.

To support the Cisco ISE profiling service, use the latest version of NetFlow, which has additional 
functionality that is needed to operate the profiler. If you use NetFlow version 5, then you can use 
version 5 only on the primary NAD at the access layer, as it will not work anywhere else.

For Wireless LAN Controllers, note the following:

MAB supports MAC filtering with RADIUS lookup.

Support for session ID and COA with MAC filtering provides MAB-like functionality.

DNS based ACL feature will be supported in WLC 8.0. Not all Access Points support DNS based 
ACL. Refer to Cisco Access Points Release Notes for more details.

 lists the support for the devices as follows:

√ 

— Fully supported

— Not supported

— Limited support, some functionalities are not supported

The following are the functionalities supported by each feature:

AAA

802.1X, MAB, VLAN Assignment, dACL

Profiling

RADIUS CoA and Profiling Probes

BYOD

RADIUS CoA, URL Redirection + SessionID

Guest

RADIUS CoA, URL Redirection + SessionID, Local Web Auth

Posture

RADIUS CoA, URL Redirection + SessionID or IPN

MDM

RADIUS CoA, URL Redirection + SessionID

TrustSec

SGT Classification