04-28-2016 10:25 PM
Hi team,
In our device compatibility docs of ISE, I see some confusions:
So I would like to ask:
Thank you.
Solved! Go to Solution.
04-29-2016 04:02 PM
The ISE 1.2 Compatibility Guide says: LAN Lite supports only 802.1X and VLAN assignments.
This means the 2960 LAN Lite can do 802.1X to perform authentication to ISE via RADIUS for authorization enforcement with VLANs.
It will still interoperate with ISE 2.0 via the standard RADIUS protocol but it will not be able to do anything other than VLAN assignment.
The 2960-X supports all capabilities with the recommended version of IOS 15.2(2)E3 so I assume the LAN Lite versions continue to only support VLAN assignment since "LAN Lite models have reduced functionality and scalability for small deployments with basic requirements" according to Cisco Catalyst 2960-X Series Switches Data Sheet. You will want to verify this with the switching product team.
04-29-2016 04:02 PM
The ISE 1.2 Compatibility Guide says: LAN Lite supports only 802.1X and VLAN assignments.
This means the 2960 LAN Lite can do 802.1X to perform authentication to ISE via RADIUS for authorization enforcement with VLANs.
It will still interoperate with ISE 2.0 via the standard RADIUS protocol but it will not be able to do anything other than VLAN assignment.
The 2960-X supports all capabilities with the recommended version of IOS 15.2(2)E3 so I assume the LAN Lite versions continue to only support VLAN assignment since "LAN Lite models have reduced functionality and scalability for small deployments with basic requirements" according to Cisco Catalyst 2960-X Series Switches Data Sheet. You will want to verify this with the switching product team.
10-30-2019 09:46 AM
Hi,
I am trying to get this working to use 802.1x authentication with RADIUS, but on LAN Lite the policy-map and service-policy commands are not available so the interface never sends the auth request to RADIUS.
On a LAN Base I have the same config and it works because the policy-map enables the authentication.
With legacy mode authentication the LAN Lite switch works fine for 802.1x and RADIUS, but it breaks when converting to new-style. I cannot find a config sample anywhere that works.
02-06-2024 10:49 PM
Another limitation is that when using LAN Lite, the "authentication open" command is not available.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide