Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
86411
Views
39
Helpful
0
Comments

ISE Third-Party NAD Profiles and Configs

thomas
Cisco Employee
Cisco Employee

‎01-14-2016 10:41 AM - edited ‎09-07-2023 02:54 PM

Contents

 

image.png

Many of the 3rd party NAD profiles on this page is based on the community effort and any questions regarding the 3rd party support information within this page should be posted to the community forum. Please do not contact Cisco TAC for support regarding the NAD profiles within this page. Please refer to ISE compatibility guides for Cisco QA tested NADs. Also, read Does ISE support my NAD document for additional information on how to find out support for your NAD.

 

ISE Supports the RADIUS and TACACS Protocols

If your network access device can issue access control requests using the standard RADIUS and TACACS protocols then ISE can support it! ISE 2.0 and laterHowever, vendor hardware, software, vendor-specific attributes may affect what you need to do to implement your desired scenarios and capabilities. For more considerations on this topic, please see Does ISE Support My Network Access Device?.

 

Get Network Device Profiles and Configurations

All network device profiles and configurations uploaded to the ISE community should be tagged with ise-nad-profile.  You may view a filtered list of all documents assigned a specific tag such as ise-nad-profile

 

How to Contribute Network Device Profiles

You may contribute a Network Device Profile to the community, too:

  1. You should have created and tested your Network Device Profile in ISE under Administration > Network Resources > Network Device Profile.
  2. Verify that the name of your profile matches the following naming convention to enable others to quickly identify what it is for:
    <Vendor>_<Series/Model>
  3. Export your Network Device Profile to an XML file on your local computer
  4. Login to the ISE Communities site
  5. Choose Create > Uploaded File and select your exported network device profile XML file.
    Note: the Communities site will automatically convert your uploaded .XML file into a .ZIP file archive
  6. Write a Description that includes the details about how it was configured and what hardware and software you tested with.
  7. Include ise-nad-profile as one of the Tags. You may include other tags (ise,nad,profile,<vendor>, etc.) but using ise-nad-profile is how we enable you to quickly filter all documents within the Communities site for just network device profiles!
  8. Click Publish!

 

Network Device Profiles and Configs

Starting ISE 2.0, ISE supports third-party network access devices (NADs) for Authentication, Authorization and Accounting as well as advanced ISE flows such as Profiling, Posture assessment, Guess Access and BYOD. See the ISE Compatibility Guides for guidance on known supported vendors & platforms and recommended software versions.

Some of the advanced flows require special support from the NAD, such as RADIUS COA and URL Redirect in order to work properly. In case the NAD doesn't support those capabilities, see ISE 2.1 supports Auth VLAN

As it is impossible to test each and every 3rd party vendor / model / firmware, Cisco has tested the following NADs and provided an option to add additional NADs. For details on how to create custom NAD profiles please read How To: Create Network Access Device Profiles with Cisco ISE.

Third party NADs that don't support URL redirect can still be used by ISE in Auth VLAN deployment, where in this case, ISE is acting as the DHCP and DNS server. upon user connection, ISE assigns a temporary IP to the endpoint and upon first web request, ISE redirects the user to CWA to perform authentication. after successful authentication the endpoint in connected to the network with IP address assigned by the company's DHCP server. Minimal requirements for this topology is dynamic VLAN assignment and CoA (SNMP or standard).

The profiles below have been known to work. The profiles in bold are included in ISE 2.x.

ISE NAD Profile Series Tested Model (Config) Tested Software Source MAB 802.1x Profiling Guest BYOD Posture MDM
Aerohive AP
 Aerohive AP330 HiveOS 6.5r8b.179369 Cisco + Field 2.3 2.3 N/T 2.1 N/T N/T N/T
Alcatel_Wired Alcatel OmniSwitch 6850   ISE 2.0 2.0 2.0 N/T N/T N/T N/T N/T
Alcatel Lucent Omniswitch and OmniAccess  Alcatel OmniSwitch 6860
AP 1201		 AOS 8.6.299.R01
4.0.6.16		 ISE 3.1 2.0 2.0 N/T N/T N/T N/T N/T
Aruba_Wireless Aruba Controller 7005-US (Aruba-7005-NAD-Config) 6.4.1.0 ISE 2.0 2.0 2.0 2.0 2.0 2.0 2.0 N/T
Aruba IAP IAP 225 (Aruba-IAP-NAD-Config) 6.4.2.6-4.1.1.6 ISE 2.2 2.0 2.0 2.0 2.0 2.0 N/T N/T
Brocade_Wired Brocade ICX ICX 6610 (Brocade-ICX6610-NAD-Config) 08.0.20aT7f3 ISE 2.0 2.0 2.0 2.0 2.1 2.1 2.1 N/T
Brocade_Wired2 Brocade ICX ICX 7450 (Brocade-ICX7450-NAD-Config) 08.0.60 2.0 2.0 2.0 2.0 2.0 N/T N/T N/T
Cisco All All   ISE 2.0 1.0 1.0 1.0        
HP_Wired_SNMP_CoA HP H3C HP5500 A5500-24G-4SFS (HP-H3C-A5500-NAD-Config) 5.20.99 Release 5206 ISE 2.0 2.0 2.0 2.1 2.1 2.1 2.1 N/T
HP_Wired HP ProCurve HP2920 2920-24G (J9726A) (HP-2920-NAD-Config) WB.15.18.0007 ISE 2.0 2.1 2.1 2.1 2.1 2.1 2.1 N/T
HP ProCurve HP3800 3800-24G-PoE+-2SFP+ (J9573A)
(HP-3800-NAD-Config)		 KA.15.16.0006 ISE 2.0 2.0 2.0 2.0 2.1 2.1 2.1 N/T
HPE_Wired HPE Aruba                   N/T
HP_Wireless HP H3C HP830 HP 830 8P (JG641A) (HP-H3C-830-NAD-Config) 3507P35 ISE 2.0 2.0 2.0 2.0 2.0 2.0 2.0 N/T
HPE-ArubaOS HPE HP2920 (HPE-ArubaOS-NAD-Config) 16.02                
Juniper_Wired Juniper EX EX3300 (Juniper-EX3300-NAD-Config) 12.3R11.2 Cisco 1.2 1.0 2.1 2.1 2.1 2.1 N/T
Motorola_Wireless Motorola RFS400 RFS4010-US (Motorola-NAD-Config) Wing v5.5 ISE 2.0 2.0 2.0 2.0 2.0 2.0 2.0 N/T
Ruckus_Wireless Ruckus ZoneDirector ZD1200 (Ruckus-1200-NAD-Config) 9.9.0.0 Build 25 ISE 2.0 2.0 2.0 2.0 2.1 2.1 2.1 2.1
Xirrus_Wireless Xirrus XR, XD XR-4820 (Xirrus-NAD-Config) AOS 7.6.1 Cisco + Xirrus 2.0 2.0 2.0 2.0 N/T N/T N/T
Cisco_SG500 Cisco SG500 SG500X (Cisco SG500 Switch &
Configuration for ISE)		   ISE 2.3 X 2.3 N/T N/T N/T N/T N/T

N/A = Not Applicable

N/T = Not Tested

Note: The first profile for a vendor & device does not have a type. Additional profiles will be named with different Types since multiple Series may use the same profile or the same family may have software updates that change the profile type.

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents