Table of Contents
This document describes Cisco Identity Services Engine (ISE) compatibility with switches, wireless LAN controllers, and other policy enforcement devices, as well as client machine operating systems with which Cisco ISE interoperates in the network. This document covers the following topics:
- Supported Network Access Devices
- Supported External Identity Sources
- Supported Administrative User Interface Browsers
- Supported Client Machine Operating Systems, Supplicants, and Agents
- Supported Operating Systems and Browsers for Cisco ISE Guest Services
- Documentation Updates
- Related Documentation
- Obtaining Documentation and Submitting a Service Request
Cisco ISE supports interoperability with any (Cisco or non-Cisco) RADIUS client NAD that implements common RADIUS behavior (similar to Cisco IOS 12.x) for standards-based authentication. For a list of supported authentication methods, see the “Configuring Authentication Policies” chapter of the Cisco Identity Services Engine User Guide, Release 1.0.4 .
Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality, and are therefore not supported with non-Cisco devices. In addition, certain other advanced functions like central web authentication (CWA), Change of Authorization (CoA), Security Group Access, and downloadable ACLs, are only supported on Cisco devices. For a full list of supported Cisco devices, see Table 1 .
The NADs that are not explicitly listed in Table 1 and that do not support RADIUS Change of Authorization (CoA) must use inline posture.
For information on enabling specific functions of Cisco ISE in your network switches, see the Switch Configuration Required to Support Cisco ISE Functions appendix of the Cisco Identity Services Engine User Guide, Release 1.0.4 .
Caution To support the Cisco ISE Profiling service, Cisco recommends using the latest version of NetFlow (version 9), which has additional functionality that is needed to operate the Profiler. If you use NetFlow version 5 in your network, then you can use version 5 only on the primary NAD at the access layer, as it will not work anywhere else.
Minimum OS Version 1
IOS v12.2(52)SE LAN Lite2
4.Wireless LAN Controllers (WLCs) do not support downloadable ACLs (dACLs), but support named ACLs. Autonomous AP deployments do not support the requirements for Inline Posture Node as they do not send Framed-IP-Address. Profiling services are supported for 802.1X-authenticated WLANs starting from WLC release 184.108.40.206 and for MAB-authenticated WLANs starting from WLC 220.127.116.11. FlexConnect, previously known as Hybrid Remote Edge Access Point (HREAP) mode, is supported with central authentication configuration deployment starting from WLC 18.104.22.168. For additional details regarding FlexConnect support, refer to the release notes for the applicable wireless controller platform.
5.An issue has been observed during wireless login scenarios where the WLC is running firmware version 22.214.171.124. Unless you require new features available only in version 126.96.36.199, Cisco recommends returning your WLC firmware version to 188.8.131.52. For more information, see the Release Notes for the Cisco Identity Services Engine, Release 1.0.4.
Table 2 lists the external identity sources supported with Cisco ISE.
Active Directory 6
For a collection of known issues regarding Windows Internet Explorer 8, see the “Known Issues” section of the Release Notes for the Cisco Identity Services Engine, Release 1.0.4 .
Note All standard 802.1X supplicants can be used with Cisco ISE 1.0 standard and advanced features as long as they support the standard authentication protocols supported by Cisco ISE. (For information on allowed authentication protocols, see the “Configuring Authentication Policies” chapter of the Cisco Identity Services Engine User Guide, Release 1.0.4.) For the VLAN Change authorization feature to work in a wireless deployment the supplicant must support IP address refresh on VLAN Change.
AnyConnect version 3.0.3041, 2.5.30417
AnyConnect version 3.0.3041, 2.5.3041 1
Microsoft Windows 78
- Google Chrome 11
- Microsoft IE 9, 10 9
- Mozilla Firefox 3.6, 4, 5
No official support 10
Microsoft Windows 711
Table 8 lists the product documentation available for the Cisco ISE Release. General product information for Cisco ISE is available at http://www.cisco.com/go/ise . End-user documentation is available on Cisco.com at http://www.cisco.com/en/US/products/ps11640/tsd_products_support_series_home.html .
Links to additional Policy Management Business Unit documentation are available on www.cisco.com at the following locations:
- Cisco ISE
- Cisco Secure ACS
- Cisco NAC Appliance
- Cisco NAC Profiler
- Cisco NAC Guest Server
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as a RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.