ISE Third-Party NAD Profiles and Configs


Get Network Device Profiles

 

All network device profiles uploaded to the ISE community should be tagged with ise-nad-profile.

You may view a filtered list of all documents assigned a specific tag such as ise-nad-profile using the URL

     https://communities.cisco.com/tags/ise-nad-profile

 

Get Working Network Device Configs

 

All network device configurations uploaded to the ISE community should be tagged with ise-nad-config.

You may view a filtered list of all documents assigned a specific tag such as ise-nad-config using the URL

     https://communities.cisco.com/tags/ise-nad-config

 

How to Contribute Network Device Profiles

 

You may contribute a Network Device Profile to the community, too:

 

  1. You should have created and tested your Network Device Profile in ISE under Administration > Network Resources > Network Device Profile.
  2. Verify that the name of your profile matches the following naming convention to enable others to quickly identify what it is for:
    <Vendor>_<Series/Model>
  3. Export your Network Device Profile to an XML file on your local computer
  4. Login to the ISE Communities site
  5. Choose Create > Uploaded File and select your exported network device profile XML file.
    Note: the Communities site will automatically convert your uploaded .XML file into a .ZIP file archive
  6. Write a Description that includes the details about how it was configured and what hardware and software you tested with.
  7. Include ise-nad-profile as one of the Tags. You may include other tags (ise,nad,profile,<vendor>, etc.) but using ise-nad-profile is how we enable you to quickly filter all documents within the Communities site for just network device profiles!
  8. Click Publish!

 

Network Device Profiles and Configs

 

Starting ISE 2.0, ISE supports third-party network access devices (NADs) for Authentication, Authorization and Accounting as well as advanced ISE flows such as Profiling, Posture assessment, Guess Access and BYOD. See the ISE Compatibility Guides for guidance on known supported vendors & platforms and recommended software versions.

 

Some of the advanced flows require special support from the NAD, such as RADIUS COA and URL Redirect in order to work properly. In case the NAD doesn't support those capabilities, see ISE 2.1 supports Auth VLAN

 

As it is impossible to test each and every 3rd party vendor / model / firmware, Cisco has tested the following NADs and provided an option to add additional NADs. For details on how to create custom NAD profiles please read How To: Create Network Access Device Profiles with Cisco ISE.

 

Third party NADs that don't support URL redirect can still be used by ISE in Auth VLAN deployment, where in this case, ISE is acting as the DHCP and DNS server. upon user connection, ISE assigns a temporary IP to the endpoint and upon first web request, ISE redirects the user to CWA to perform authentication. after successful authentication the endpoint in connected to the network with IP address assigned by the company's DHCP server. Minimal requirements for this topology is dynamic VLAN assignment and CoA (SNMP or standard).

 

The profiles below have been tested by Cisco.

The profiles in bold are included in ISE 2.x.

Click on the column headers to re-sort.

NAD Profile

VendorTypeSeriesModelTested ModelTested SoftwareTested ConfigSourceMAB802.1xProfilingGuestBYODPostureMDM
Alcatel_WiredAlcatelWiredOmniSwitch68506850ISE 2.02.02.0N/TN/TN/TN/TN/T
Aruba_WirelessArubaWirelessAruba ControllerAll7005-US6.4.1.0Aruba-7005-NAD-ConfigISE 2.02.02.02.02.02.02.0N/T
Aruba IAPAllIAP 2256.4.2.6-4.1.1.6Aruba-IAP-NAD-ConfigISE 2.22.02.02.02.02.0N/TN/T
Brocade_WiredBrocadeWiredICXAllICX 661008.0.20aT7f3Brocade-ICX6610-NAD-ConfigISE 2.02.02.02.02.12.12.1N/T
Brocade_Wired2BrocadeWiredICX7250/7450ICX 745008.0.60Brocade-ICX7450-NAD-Config2.02.02.02.02.0N/TN/TN/T
CiscoCiscoDefaultAllAllAllISE 2.01.01.01.0

HP_Wired_SNMP_CoA

HP H3CWiredHP5500AllA5500-24G-4SFS5.20.99 Release 5206HP-H3C-A5500-NAD-ConfigISE 2.02.02.02.12.12.12.1N/T
HP_WiredHP ProCurveWiredHP2920All2920-24G (J9726A)WB.15.18.0007HP-2920-NAD-ConfigISE 2.02.12.12.12.12.12.1N/T
HP ProCurveWiredHP3800All3800-24G-PoE+-2SFP+ (J9573A)KA.15.16.0006HP-3800-NAD-ConfigISE 2.02.02.02.02.12.12.1N/T
HPE_WiredHPE ArubaWiredN/T
HP_WirelessHP H3CWirelessHP830AllHP 830 8P (JG641A)3507P35HP-H3C-830-NAD-ConfigISE 2.02.02.02.02.02.02.0N/T
Juniper_WiredJuniperWiredEXAllEX330012.3R11.2Juniper-EX3300-NAD-ConfigCisco1.21.02.12.12.12.1N/T
Motorola_WirelessMotorolaWirelessRFS400AllRFS4010-USWing v5.5Motorola-NAD-ConfigISE 2.02.02.02.02.02.02.0N/T
Ruckus_WirelessRuckusWirelessZoneDirectorAllZD12009.9.0.0 Build 25Ruckus-1200-NAD-ConfigISE 2.02.02.02.02.12.12.12.1
Xirrus_WirelessXirrusWirelessXR, XDAllXR-4820AOS 7.6.1Xirrus-NAD-ConfigCisco + Xirrus2.02.02.02.0N/TN/TN/T
Cisco_SG500CiscoWiredSG500AllSG500XSG500-NAD-ConfigISE 2.3X2.3N/TN/TN/TN/TN/T

N/A = Not Applicable

N/T = Not Tested

Note: The first profile for a vendor & device does not have a type. Additional profiles will be named with different Types since multiple Series may use the same profile or the same family may have software updates that change the profile type.N?T