Cisco Cisco Identity Services Engine 1.3 Guide D’Information
6
Cisco Identity Services Engine Network Component Compatibility, Release 1.3
Supported AAA Attributes for Third-Party VPN Concentrators
Supported AAA Attributes for Third-Party VPN Concentrators
For third-party VPN concentrators to integrate with Cisco ISE and Inline Posture nodes, the following
authentication, authorization, and accounting (AAA) attributes must be included in RADIUS
communication:
authentication, authorization, and accounting (AAA) attributes must be included in RADIUS
communication:
•
Calling-Station-Id (for MAC_ADDRESS)
•
USER_NAME
•
NAS_PORT_TYPE
Also, for VPN devices, the RADIUS accounting message must have the framed-ip-address attribute set
to the VPN client’s IP address pool.
to the VPN client’s IP address pool.
Supported External Identity Sources
Refer to
for more information.
Meraki MX
Platforms
Platforms
Latest Version
√
!
X
!
X
X
X
Latest Version
√
!
X
!
X
X
X
1.
Recommended OS is the version tested for compatibility and stability.
2.
Cisco routers such as ISR 88x, 89x Series do not support CWA, therefore, an IPN has to be deployed for posture.
3.
For a complete list of Cisco TrustSec feature support, see
http://www.cisco.com/en/US/solutions/collateral/ns170/ns896/ns1051/product_bulletin_c25-712066.html.
4.
Minimum OS is the version in which the features got introduced.
5.
Cisco Wireless LAN Controllers (WLCs) and Wireless Service Modules (WiSMs) do not support downloadable ACLs (dACLs), but
support named ACLs. Autonomous AP deployments do not support the requirements for Inline Posture Node as they do not send
Framed-IP-Address. Profiling services are supported for 802.1X-authenticated WLANs starting from WLC release 7.0.116.0 and for
MAB-authenticated WLANs starting from WLC 7.2.110.0. FlexConnect, previously known as Hybrid Remote Edge Access Point
(HREAP) mode, is supported with central authentication configuration deployment starting from WLC 7.2.110.0. For additional details
regarding FlexConnect support, refer to the release notes for the applicable wireless controller platform.
support named ACLs. Autonomous AP deployments do not support the requirements for Inline Posture Node as they do not send
Framed-IP-Address. Profiling services are supported for 802.1X-authenticated WLANs starting from WLC release 7.0.116.0 and for
MAB-authenticated WLANs starting from WLC 7.2.110.0. FlexConnect, previously known as Hybrid Remote Edge Access Point
(HREAP) mode, is supported with central authentication configuration deployment starting from WLC 7.2.110.0. For additional details
regarding FlexConnect support, refer to the release notes for the applicable wireless controller platform.
Table 1
Supported Network Access Devices (continued)
Device
Recommended OS
1
AAA
Profiling
BYOD
Guest
Posture
2
MDM
TrustSec
3
Minimum OS
4
Table 2
Supported External Identity Sources
External Identity Source
OS/Version
Active Directory
1, 2, 3
Microsoft Windows Active Directory 2003
—
Microsoft Windows Active Directory 2003 R2
—
Microsoft Windows Active Directory 2008
—
Microsoft Windows Active Directory 2008 R2
—
Microsoft Windows Active Directory 2012
—
Microsoft Windows Active Directory 2012 R2
4
—
LDAP Servers