Contents
- ISE Supports the RADIUS and TACACS Protocols
- Get Network Device Profiles and Configurations
- How to Contribute Network Device Profiles
- Network Device Profiles and Configs
ISE Supports the RADIUS and TACACS Protocols
If your network access device can issue access control requests using the standard RADIUS and TACACS protocols then ISE can support it! ISE 2.0 and laterHowever, vendor hardware, software, vendor-specific attributes may affect what you need to do to implement your desired scenarios and capabilities. For more considerations on this topic, please see Does ISE Support My Network Access Device?.
Get Network Device Profiles and Configurations
All network device profiles and configurations uploaded to the ISE community should be tagged with ise-nad-profile. You may view a filtered list of all documents assigned a specific tag such as ise-nad-profile
How to Contribute Network Device Profiles
You may contribute a Network Device Profile to the community, too:
- You should have created and tested your Network Device Profile in ISE under Administration > Network Resources > Network Device Profile.
- Verify that the name of your profile matches the following naming convention to enable others to quickly identify what it is for:
<Vendor>_<Series/Model> - Export your Network Device Profile to an XML file on your local computer
- Login to the ISE Communities site
- Choose Create > Uploaded File and select your exported network device profile XML file.
Note: the Communities site will automatically convert your uploaded .XML file into a .ZIP file archive - Write a Description that includes the details about how it was configured and what hardware and software you tested with.
- Include ise-nad-profile as one of the Tags. You may include other tags (ise,nad,profile,<vendor>, etc.) but using ise-nad-profile is how we enable you to quickly filter all documents within the Communities site for just network device profiles!
- Click Publish!
Network Device Profiles and Configs
Starting ISE 2.0, ISE supports third-party network access devices (NADs) for Authentication, Authorization and Accounting as well as advanced ISE flows such as Profiling, Posture assessment, Guess Access and BYOD. See the ISE Compatibility Guides for guidance on known supported vendors & platforms and recommended software versions.
Some of the advanced flows require special support from the NAD, such as RADIUS COA and URL Redirect in order to work properly. In case the NAD doesn't support those capabilities, see ISE 2.1 supports Auth VLAN
As it is impossible to test each and every 3rd party vendor / model / firmware, Cisco has tested the following NADs and provided an option to add additional NADs. For details on how to create custom NAD profiles please read How To: Create Network Access Device Profiles with Cisco ISE.
Third party NADs that don't support URL redirect can still be used by ISE in Auth VLAN deployment, where in this case, ISE is acting as the DHCP and DNS server. upon user connection, ISE assigns a temporary IP to the endpoint and upon first web request, ISE redirects the user to CWA to perform authentication. after successful authentication the endpoint in connected to the network with IP address assigned by the company's DHCP server. Minimal requirements for this topology is dynamic VLAN assignment and CoA (SNMP or standard).
The profiles below have been known to work. The profiles in bold are included in ISE 2.x.
| ISE NAD Profile | Series | Tested Model (Config) | Tested Software | Source | MAB | 802.1x | Profiling | Guest | BYOD | Posture | MDM |
| Aerohive AP |
Aerohive | AP330 | HiveOS 6.5r8b.179369 | Cisco + Field | 2.3 | 2.3 | N/T | 2.1 | N/T | N/T | N/T |
| Alcatel_Wired | Alcatel OmniSwitch | 6850 | ISE 2.0 | 2.0 | 2.0 | N/T | N/T | N/T | N/T | N/T | |
| Alcatel Lucent Omniswitch and OmniAccess | Alcatel OmniSwitch | 6860 AP 1201 |
AOS 8.6.299.R01 4.0.6.16 |
ISE 3.1 | 2.0 | 2.0 | N/T | N/T | N/T | N/T | N/T |
| Aruba_Wireless | Aruba Controller | 7005-US (Aruba-7005-NAD-Config) | 6.4.1.0 | ISE 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | N/T |
| Aruba IAP | IAP 225 (Aruba-IAP-NAD-Config) | 6.4.2.6-4.1.1.6 | ISE 2.2 | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | N/T | N/T | |
| Brocade_Wired | Brocade ICX | ICX 6610 (Brocade-ICX6610-NAD-Config) | 08.0.20aT7f3 | ISE 2.0 | 2.0 | 2.0 | 2.0 | 2.1 | 2.1 | 2.1 | N/T |
| Brocade_Wired2 | Brocade ICX | ICX 7450 (Brocade-ICX7450-NAD-Config) | 08.0.60 | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | N/T | N/T | N/T |
| Cisco | All | All | ISE 2.0 | 1.0 | 1.0 | 1.0 | |||||
| HP_Wired_SNMP_CoA | HP H3C HP5500 | A5500-24G-4SFS (HP-H3C-A5500-NAD-Config) | 5.20.99 Release 5206 | ISE 2.0 | 2.0 | 2.0 | 2.1 | 2.1 | 2.1 | 2.1 | N/T |
| HP_Wired | HP ProCurve HP2920 | 2920-24G (J9726A) (HP-2920-NAD-Config) | WB.15.18.0007 | ISE 2.0 | 2.1 | 2.1 | 2.1 | 2.1 | 2.1 | 2.1 | N/T |
| HP ProCurve HP3800 | 3800-24G-PoE+-2SFP+ (J9573A) (HP-3800-NAD-Config) |
KA.15.16.0006 | ISE 2.0 | 2.0 | 2.0 | 2.0 | 2.1 | 2.1 | 2.1 | N/T | |
| HPE_Wired | HPE Aruba | N/T | |||||||||
| HP_Wireless | HP H3C HP830 | HP 830 8P (JG641A) (HP-H3C-830-NAD-Config) | 3507P35 | ISE 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | N/T |
| HPE-ArubaOS | HPE HP2920 | (HPE-ArubaOS-NAD-Config) | 16.02 | ||||||||
| Juniper_Wired | Juniper EX | EX3300 (Juniper-EX3300-NAD-Config) | 12.3R11.2 | Cisco | 1.2 | 1.0 | 2.1 | 2.1 | 2.1 | 2.1 | N/T |
| Motorola_Wireless | Motorola RFS400 | RFS4010-US (Motorola-NAD-Config) | Wing v5.5 | ISE 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | 2.0 | N/T |
| Ruckus_Wireless | Ruckus ZoneDirector | ZD1200 (Ruckus-1200-NAD-Config) | 9.9.0.0 Build 25 | ISE 2.0 | 2.0 | 2.0 | 2.0 | 2.1 | 2.1 | 2.1 | 2.1 |
| Xirrus_Wireless | Xirrus XR, XD | XR-4820 (Xirrus-NAD-Config) | AOS 7.6.1 | Cisco + Xirrus | 2.0 | 2.0 | 2.0 | 2.0 | N/T | N/T | N/T |
| Cisco_SG500 | Cisco SG500 | SG500X (Cisco SG500 Switch & Configuration for ISE) |
ISE 2.3 | X | 2.3 | N/T | N/T | N/T | N/T | N/T |
N/A = Not Applicable
N/T = Not Tested
Note: The first profile for a vendor & device does not have a type. Additional profiles will be named with different Types since multiple Series may use the same profile or the same family may have software updates that change the profile type.