
Cisco Identity Services Engine Network Component Compatibility, Release 1.2.x

Revised: December 19, 2014, OL-27042-01

This document describes Cisco Identity Services Engine (ISE) compatibility with switches, wireless LAN controllers, and other policy enforcement devices as well as operating systems with which Cisco ISE interoperates.

Supported Network Access Devices

Cisco ISE supports interoperability with any Cisco or non-Cisco RADIUS client network access device (NAD) that implements common RADIUS behavior (similar to Cisco IOS 12.x) for standards-based authentication. For a list of supported authentication methods, see the “Configuring Authentication Policies” chapter of the Cisco Identity Services Engine User Guide, Release 1.2.

Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality, and are therefore not supported with non-Cisco devices. In addition, certain other advanced functions like central web authentication (CWA), Change of Authorization (CoA), Security Group Access (SGA), and downloadable access control lists (ACLs), are only supported on Cisco devices. For a full list of supported Cisco devices, see Table 1.

The NADs that are not explicitly listed in Table 1 and do not support RADIUS CoA must use inline posture.

For information on enabling specific functions of Cisco ISE on network switches, see the Switch and Wireless LAN Controller Configuration Required to Support Cisco ISE Functions appendix of the Cisco Identity Services Engine User Guide, Release 1.2.


Note: Some switch models and IOS versions may have reached the end-of-life date and interoperability may not be fully supported.

Caution: To support the Cisco ISE profiling service, use the latest version of NetFlow, which has additional functionality that is needed to operate the profiler. If you use NetFlow version 5, then you can use version 5 only on the primary NAD at the access layer, as it will not work anywhere else.

Table 1 Supported Network Access Devices

Access Switches

| Device | Recommended OS Version [1] | MAB | 802.1X | Web Auth: CWA | Web Auth: LWA | Session CoA | VLAN | dACL/Named ACL [2] | TrustSec [3] | Device Sensors |
|---|---|---|---|---|---|---|---|---|---|---|
| Catalyst 2960, ISR EtherSwitch ES2 (Catalyst 2960-S, Catalyst 2960-C LAN Base) | IOS v 12.2(55)-SE3 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| Catalyst 2960-SF, Catalyst 2960Plus | IOS v 15.0.2-SE (ED) LAN BASE [4] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| Catalyst 2960–XR, Catalyst 2960–X | IOS v 15.0.2-EX3 (ED) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | No |
| Catalyst 3560-C, Catalyst 3560-E, ISR EtherSwitch ES3, Catalyst 3560-X | IOS v 15.0.2-SE2 (ED) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Catalyst 3750-G | IOS v 12.2(55)-SE3 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Catalyst 3750-E, Catalyst 3750-X | IOS v 15.0.2-SE2 (ED) IP BASE | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Catalyst 3850, 3650 [5] | IOS XE 3.2.2 SE | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Catalyst 4500 Supervisor Engine 7-E, 7L-E | IOS-XE v 3.4.0 SG (ED) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Catalyst 4500 Supervisor Engine 6-E, 6L-E | IOS v 15.1.2 SG (ED) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Catalyst 6500 (Supervisor 32/Supervisor 720) | IOS v 12.2(33)-SXJ5 (MD) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |

Wireless [2]

| Device | Recommended OS Version | MAB | 802.1X | Web Auth: CWA | Web Auth: LWA | Session CoA | VLAN | dACL/Named ACL | TrustSec | Device Sensors |
|---|---|---|---|---|---|---|---|---|---|---|
| Wireless LAN Controller (WLC) 2100 [6] | 7.0.116.0(ED) | No [7] | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Wireless LAN Controller (WLC) 4400 [6] | 7.0.116.0(ED) | No [7] | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Wireless LAN Controller (WLC) 2500 [8] | 7.3.112.0.(ED), 7.4.x, 7.5 | Yes [9] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Wireless LAN Controller (WLC) 5500 [8] | 7.3.112.0.(ED), 7.4.x, 7.5 | Yes [9] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Wireless LAN Controller (WLC) 7500 [8] | 7.3.112.0.(ED), 7.4.x, 7.5 | Yes [9] | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
| Wireless LAN Controller (WLC) 8500 [8] | 7.3.112.0.(ED), 7.4.x, 7.5 | Yes [9] | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
| WiSM1 Blade for 6500 | 7.0.116.0(ED) | No [7] | Yes | No | Yes | Yes | Yes | Yes | No | No |
| WiSM2 Blade for 6500 | 7.0.116.0(ED) | No [7] | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| WLC 5760 | IOS XE 3.2.2 SE | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |

Routers

| Device | Recommended OS Version | MAB | 802.1X | Web Auth: CWA | Web Auth: LWA | Session CoA | VLAN | dACL/Named ACL | TrustSec | Device Sensors |
|---|---|---|---|---|---|---|---|---|---|---|
| WLC for ISR (ISR2 ISM, SRE700, and SRE900) | 7.3.112.0(ED) | No [7] | Yes | No | Yes | Yes | Yes | Yes | No | No |
| ISR 88x, 89x Series [10] | 15.3.2T(ED) | Yes | Yes | No | LWA (L3) | Yes | Yes | No | Yes (IPsec) | No |
| ISR 19x, 29x, 39x Series [10] | 15.3.2T(ED) | Yes | Yes | No | LWA (L3) | Yes | Yes | Yes | Yes (IPsec) | No |

Remote Access

| Device | Recommended OS Version | MAB | 802.1X | Web Auth: CWA | Web Auth: LWA | Session CoA | VLAN | dACL/Named ACL | TrustSec | Device Sensors |
|---|---|---|---|---|---|---|---|---|---|---|
| Cisco ASA 5500 and 5500-X Series (for remote access only) | ASA 9.2.1 | NA | NA | NA | NA | Yes [11] | Yes | Yes | Yes | No |

1. The “Recommended OS Version” is based on releases that contain both core and advanced ISE feature support and have been tested with Cisco ISE release 1.2. This table is not a representation of all possible OS versions supported by ISE. The OS versions not listed may be supported with limited features, may contain critical defects for selected features, and have not been fully tested with Cisco ISE 1.2. While selecting an OS version, it is recommended to refer to the OS documentation for the required Cisco ISE feature support and outstanding defects.

For previously tested OS versions with older Cisco ISE releases, refer to the following:
http://www.cisco.com/en/US/products/ps11640/products_device_support_tables_list.html

2. Cisco Wireless LAN Controllers (WLCs) and Wireless Service Modules (WiSMs) do not support downloadable ACLs (dACLs), but support named ACLs. Autonomous AP deployments do not support the requirements for Inline Posture Node as they do not send Framed-IP-Address. Profiling services are supported for 802.1X-authenticated WLANs starting from WLC release 7.0.116.0 and for MAB-authenticated WLANs starting from WLC 7.2.110.0. FlexConnect, previously known as Hybrid Remote Edge Access Point (HREAP) mode, is supported with central authentication configuration deployment starting from WLC 7.2.110.0. For additional details regarding FlexConnect support, refer to the release notes for the applicable wireless controller platform.

4. 2960 LAN Lite is supported but not recommended with ISE 1.2 due to limited feature support. LAN Lite supports only 802.1X and VLAN assignments.

5. The current available IOS releases for converged access switches, such as 3850 or 3650, may not send Calling-Station-ID in the RADIUS accounting requests, which may result in incorrect session states and endpoint profiles in ISE. Refer to Release Notes for Cisco Identity Services Engine, Release 1.2.x for more information.

6. WLCs prior to release 7.0.116.0 do not support CoA and require deployment of an ISE Inline Posture Node to support posture services.

7. Supports MAC filtering with RADIUS lookup.

8. DNS based ACL feature will be supported in WLC 8.0. Not all Access Points support DNS based ACL. Refer to Cisco Access Points Release Notes for more details.

9. Support for session ID and COA with MAC filtering provides MAB-like functionality.

10. 802.1X / MAB with URL redirect is only available on non-800 ISR G2. Web Authentication with URL redirect is not available on all ISR G2 platforms.

11. Requires ISE Version 1.2.0.899—Cumulative Patch 5 or above.

Supported AAA Attributes for Third-Party VPN Concentrators

For third-party VPN concentrators to integrate with Cisco ISE and Inline Posture nodes, the following authentication, authorization, and accounting (AAA) attributes must be included in RADIUS communication:

  • Calling-Station-Id (for MAC_ADDRESS)
  • USER_NAME
  • NAS_PORT_TYPE

Also, for VPN devices, the RADIUS accounting message must have the framed-ip-address attribute set to the VPN client’s IP address pool.

Supported External Identity Sources

Refer to Release Notes for the Cisco Identity Services Engine, Release 1.2.x for more information.

 

Table 2 Supported External Identity Sources

| External Identity Source | OS/Version |
|---|---|
| Active Directory [12], [13], [14] | |
| Microsoft Windows Active Directory 2003 | |
| Microsoft Windows Active Directory 2003 R2 | |
| Microsoft Windows Active Directory 2008 | |
| Microsoft Windows Active Directory 2008 R2 | |
| Microsoft Windows Active Directory 2012 | |
| Microsoft Windows Active Directory 2012 R2 [15] | |
| LDAP Servers | |
| SunONE LDAP Directory Server | Version 5.2 |
| OpenLDAP Directory Server | Version 2.4.23 |
| Token Servers | |
| RSA ACE/Server | 6.x series |
| RSA Authentication Manager | 7.x and 8.0 series |
| Any RADIUS RFC 2865-compliant token server | |

12. Cisco ISE OCSP functionality is available only on Microsoft Windows Active Directory 2008, 2008 R2, 2012, and 2012 R2.

13. Cisco ISE SCEP functionality is available only on Microsoft Windows Active Directory 2008 R2, 2012, and 2012 R2.

14. Microsoft Windows Active Directory version 2000 or its functional level is not supported by Cisco ISE.

15. Microsoft Windows Active Directory 2012 R2 and all updates are supported by Cisco ISE, Release 1.2.1.

RADIUS

Cisco ISE interoperates fully with third-party RADIUS devices that adhere to the standard protocols. Support for RADIUS functions depends on the device-specific implementation.

RFC Standards

Cisco ISE conforms to the following RFCs:

  • RFC 2138—Remote Authentication Dial In User Service (RADIUS)
  • RFC 2139—RADIUS Accounting
  • RFC 2865—Remote Authentication Dial In User Service (RADIUS)
  • RFC 2866—RADIUS Accounting
  • RFC 2867—RADIUS Accounting Modifications for Tunnel Protocol Support

Supported Browsers for the Admin Portal

  • Mozilla Firefox version 5.x and later (applicable for Windows, Mac OS X, and Linux-based operating systems).
  • Windows Internet Explorer 8.x and later.

Note: The Cisco ISE Admin portal does not support using the Microsoft IE8 browser in its IE7 Compatibility Mode (the Microsoft IE8 is supported in its IE8-only mode).


Adobe Flash Player 11.2.0.0 or above must be installed on the system running your client browser.

The minimum required screen resolution to view the Cisco ISE Admin portal and for a better user experience is 1280 x 800 pixels.

Supported Virtual Environments

Cisco ISE supports the following virtual environment platforms:

  • VMware ESX 4.x
  • VMware ESXi 4.x
  • VMware ESXi 5.x

Supported Client Machine and Personal Device Operating Systems, Supplicants, and Agents

Client Machine Operating Systems and Agent Support in Cisco ISE lists the supported client machine operating systems, browsers, and agent versions supporting each client machine type. For all devices, you must also have cookies enabled in the web browser.


Note: All standard 802.1X supplicants can be used with Cisco ISE, Release 1.2.x standard and advanced features as long as they support the standard authentication protocols supported by Cisco ISE. (For information on allowed authentication protocols, see the “Managing Authentication Policies” chapter of the Cisco Identity Services Engine User Guide, Release 1.2.) For the VLAN change authorization feature to work in a wireless deployment, the supplicant must support IP address refresh on VLAN change.


Cisco NAC Agent Interoperability Between Cisco NAC Appliance and Cisco ISE

Cisco NAC Agent versions 4.9.4.3 and later can be used on both Cisco NAC Appliance Releases 4.9(1), 4.9(3), 4.9(4) and Cisco ISE Releases 1.1.3-patch 11, 1.1.4-patch 11, 1.2.x. This is the recommended model for deploying the NAC Agent in an environment where users will be roaming between ISE and NAC deployments.

Client Machine Operating Systems and Agent Support in Cisco ISE

 

Table 3 Google Android [16]

| Client Machine Operating System | Web Browser | Supplicants (802.1X) |
|---|---|---|
| Google Android 4.1.2 | Native browser; Mozilla Firefox 16 | Google Android Supplicant 4.1.2 |
| Google Android 4.0.4 | Native browser; Mozilla Firefox 5 | Google Android Supplicant 4.0.4 |
| Google Android 4.0.3 | Native browser; Mozilla Firefox 5 | Google Android Supplicant 4.0.3 |
| Google Android 4.0 | Native browser | Google Android Supplicant 4.0 |
| Google Android 3.2.1 | Native browser; Mozilla Firefox 5 | Google Android Supplicant 3.2.1 |
| Google Android 3.2 | Native browser | Google Android Supplicant 3.2 |
| Google Android 2.3.6 | Native browser; Mozilla Firefox 5 | Google Android Supplicant 2.3.6 |
| Google Android 2.3.3 | Native browser; Mozilla Firefox 5 | Google Android Supplicant 2.3.3 |
| Google Android 2.2.1 | Native browser | Google Android Supplicant 2.2.1 |
| Google Android 2.2 | Native browser; Mozilla Firefox 5 | Google Android Supplicant 2.2 |

16. Because of the open access-nature of Android implementation on available devices, Cisco ISE may not support certain Android OS version and device combinations.

Table 4 Apple iOS [17]

| Client Machine Operating System | Web Browser | Supplicants (802.1X) |
|---|---|---|
| Apple iOS 7.x [18] | Safari 7 | Apple iOS Supplicant 7.x |
| Apple iOS 6.x | Safari 6 | Apple iOS Supplicant 6.x |
| Apple iOS 5.1 | Safari 5; Mozilla Firefox 5 | Apple iOS Supplicant 5.1 |
| Apple iOS 5.0.1 | Safari 5; Mozilla Firefox 5 | Apple iOS Supplicant 5.0.1 |
| Apple iOS 5.0 | Safari 5; Mozilla Firefox 5 | Apple iOS Supplicant 5.0 |

17. While Apple iOS devices use Protected Extensible Authentication Protocol (PEAP) with Cisco ISE or 802.1x, the public certificate includes a CRL distribution point that the iOS device needs to verify but it cannot do it without network access. Click “confirm/accept” on the iOS device to authenticate to the network.

18. To work with Apple iOS 7, you need to install Cisco ISE Release 1.2.0.899 cumulative patch 2 or later. To apply the patch, refer to Release Notes for Cisco Identity Services Engine, Release 1.2.x.

Table 5 Apple Mac OS X

| Client Machine Operating System | Web Browser | Supplicants (802.1X) | Cisco ISE | Mac OS X Agent |
|---|---|---|---|---|
| Apple Mac OS X 10.9 | Apple Safari 6.0; Mozilla Firefox 14 | Apple Mac OS X Supplicant 10.9 | 1.2.x | 4.9.4.3 |
| Apple Mac OS X 10.8 | Apple Safari 6.0; Mozilla Firefox 14 | Apple Mac OS X Supplicant 10.8 | 1.2.x | 4.9.4.3 |
| Apple Mac OS X 10.7 | Apple Safari 5.1, 6.0 [19]; Google Chrome 11, 12, 13, 14, 15, 16 [20]; Mozilla Firefox 3.6, 4, 5, 9 | Apple Mac OS X Supplicant 10.7 | 1.2.x | 4.9.4.3 |
| Apple Mac OS X 10.6 | Apple Safari 4, 5; Google Chrome 11, 12, 13, 14, 15, 16 2; Mozilla Firefox 3.6, 4, 5, 9 | Apple Mac OS X Supplicant 10.6 | 1.2.x | 4.9.4.3 [21] |

19. Apple Safari version 6.0 is only supported on Mac OS X 10.7.4 and later versions of the operating system.

20. If you are using Mac OS X clients with Java 7, you cannot download the Agents using Google Chrome browser. Java 7 runs only on 64-bit browsers and Chrome is a 32-bit browser. It is recommended to use either previous versions of Java or other browsers while downloading the Agents.

21. Starting from Mac OS X Agent version 4.9.4.3, Cisco NAC Agent supports automatic update of the Compliance Module on Mac OS X clients. Ensure that you have installed Cisco Identity Services Engine, Release 1.2.0.899 cumulative patch 4 or later so that the Compliance Module gets updated automatically.

Table 6 Microsoft Windows [22]

| Client Machine Operating System | Web Browser | Supplicants (802.1X) | Cisco ISE | Cisco NAC Agent | Cisco NAC Web Agent |
|---|---|---|---|---|---|
| Microsoft Windows 8 [23], [24], [25]: Windows 8; Windows 8 x64; Windows 8 Professional; Windows 8 Professional x64; Windows 8 Enterprise; Windows 8 Enterprise x64 | Microsoft IE 10 | Microsoft Windows 8 802.1X Client | 1.2.x | 4.9.4.3 | 4.9.4.3 |
| Microsoft Windows 7 [26]: Windows 7 Professional; Windows 7 Professional x64; Windows 7 Ultimate; Windows 7 Ultimate x64; Windows 7 Enterprise; Windows 7 Enterprise x64; Windows 7 Home Premium; Windows 7 Home Premium x64; Windows 7 Home Basic; Windows 7 Starter Edition | Microsoft IE 9, 10 [27]; Google Chrome 11, 12, 13, 14, 15, 16; Mozilla Firefox 3.6, 4, 5, 9 | Microsoft Windows 7 802.1X Client; AnyConnect Network Access Manager | 1.2.x | 4.9.4.3 | 4.9.4.3 |
| Microsoft Windows Vista 5: Windows Vista SP1, SP2; Windows Vista x64 SP1, SP2 | Microsoft IE 6, 7, 8, 9; Google Chrome 8, 9, 11, 12, 13, 14, 15, 16; Mozilla Firefox 3.6, 4, 5, 9 | Microsoft Windows Vista 802.1X Client; Cisco Secure Services Client (SSC) 5.x; AnyConnect Network Access Manager | 1.2.x | 4.9.4.3 | 4.9.4.3 |
| Microsoft Windows XP 5: Windows XP Media Center Edition, SP2, SP3; Windows XP Tablet PC, SP2, SP3; Windows XP Home, SP2; Windows XP Professional SP2, SP3; Windows XP Professional x64, SP2 | Microsoft IE 6, 7, 8, 9; Google Chrome 11, 12, 13, 14, 15, 16; Mozilla Firefox 3.6, 9 | Microsoft Windows XP 802.1X Client; Cisco Secure Services Client (SSC) 5.x; AnyConnect Network Access Manager | 1.2.x | 4.9.4.3 | 4.9.4.3 |

22. It is recommended to use the Cisco NAC/Web Agent versions along with the corresponding Cisco ISE version.

23. In Windows 8, Internet Explorer 10 has two modes: Desktop and Metro. In Metro mode, the ActiveX plugins are restricted. You cannot download the Cisco NAC Agent in Metro mode. You must switch to Desktop mode, ensure ActiveX controls are enabled, and then launch Internet Explorer to download the Cisco NAC Agent. (If users are still not able to download Cisco NAC agent, check and enable “compatibility mode.”)

24. When you create a Cisco ISE client provisioning policy to accommodate Windows 8, you must specify the “Windows All” operating system option.

25. Windows 8 RT is not supported.

26. Cisco ISE does not support the Windows Embedded operating systems available from Microsoft.

27. When Internet Explorer 10 is installed on Windows 7, to get full network access, you need to update to March 2013 Hotfix ruleset.

Table 7 Others

| Client Machine Operating System | Web Browser | Supplicants (802.1X) |
|---|---|---|
| Red Hat Enterprise Linux (RHEL) 5 | Google Chrome 11; Mozilla Firefox 3.6, 4, 5 | Not tested extensively [28] |
| Ubuntu | Mozilla Firefox 3.6 | Not tested extensively |

28. The support for 802.1X has not been tested extensively by Cisco, but any 802.1X supplicant is supported as long as it is compliant with the IEEE 802.1X standards.

Supported Operating Systems and Browsers for Sponsor, Guest, and My Devices Portals

These Cisco ISE portals support the following operating system and browser combinations. These portals require that you have cookies enabled in your web browser.

Table 8 Supported Operating Systems and Browsers

| Supported Operating System | Browser Versions |
|---|---|
| Google Android [29] 4.1.2, 4.0.4, 4.0.3, 4.0, 3.2.1, 3.2, 2.3.6, 2.3.3, 2.2.1, 2.2 | Native browser; Mozilla Firefox 5, 16 |
| Apple iOS 6.1, 6, 5.1, 5.0.1, 5.0 | Safari 5, 6 |
| Apple Mac OS X 10.5, 10.6, 10.7, 10.8, 10.9 | Mozilla Firefox 3.6, 4, 5, 9, 14, 16; Safari 4, 5, 6; Google Chrome 11 |
| Microsoft Windows 8 [30] | Microsoft IE 10 |
| Microsoft Windows 7 [31] | Microsoft IE 9, 10 [32]; Mozilla Firefox 3.6, 5, 9, 16; Google Chrome 11 |
| Microsoft Windows Vista, Microsoft Windows XP | Microsoft IE 6, 7, 8; Mozilla Firefox 3.6, 9, 16; Google Chrome 5 |
| Red Hat Enterprise Linux (RHEL) 5 | Mozilla Firefox 3.6, 4, 5, 9, 16; Google Chrome 11 |
| Ubuntu | Mozilla Firefox 3.6, 9, 16 |

29. Because of the open access-nature of Android implementation on available devices, Cisco ISE may not support certain Android OS version and device combinations.

30. In Windows 8, Internet Explorer 10 has two modes: Desktop and Metro. In Metro mode, the ActiveX plugins are restricted. You cannot download the Cisco NAC Agent in Metro mode. You must switch to Desktop mode, ensure ActiveX controls are enabled, and then launch Internet Explorer to download the Cisco NAC Agent. (If users are still not able to download Cisco NAC agent, check and enable “compatibility mode.”)

31. Cisco ISE does not support the Windows Embedded 7 versions available from Microsoft.

32. When Internet Explorer 10 is installed on Windows 7, to get full network access, you need to update to March 2013 Hotfix ruleset.

 


Note: When a guest user tries to log in using Google Chrome on Windows 7 OS, the login fails. It is recommended to upgrade the browser to Chrome 11.


Supported Devices for On-Boarding and Certificate Provisioning

Cisco Wireless LAN Controller (WLC) 7.2 or above support is required for the BYOD feature. Refer to the Release Notes for the Cisco Identity Services Engine, Release 1.2 for any known issues or caveats.

 

Table 9 BYOD On-Boarding and Certificate Provisioning - Supported Devices and Operating Systems

| Device | Operating System | Single SSID | Dual SSID (open > PEAP (no cert) or open > TLS) | Onboard Method |
|---|---|---|---|---|
| Apple iDevice | iOS 4 | No | Yes [33] | Apple profile configurations (native) |
| Apple iDevice | iOS 5 and 6 | Yes | | |
| Android | 2.2 and above [34] | Yes | Yes | Cisco Network Setup Assistant |
| Barnes & Noble Nook (Android) HD/HD+ [35] | | | | |
| Windows | Windows XP, Windows Vista, Windows 7, Windows 8 | Yes [36] | Yes | SPW from Cisco.com or Cisco ISE Client Provisioning feed |
| Windows | Mobile 8, Mobile RT, Surface 8, and Surface RT | No | No | |
| MAC OS X [37] | 10.6, 10.7, 10.8, 10.9 | Yes | Yes | SPW from Cisco.com or Cisco ISE client provisioning feed |

33. Connect to secure SSID after provisioning.

34. There are known EAP-TLS issues with Android 4.1.1 devices. Contact your device manufacturer for support.

35. Barnes & Noble Nook (Android) works when it has Google Play Store 2.1.0 installed.

36. While configuring the wireless properties for the connection (Security > Auth Method > Settings > Validate Server Certificate), uncheck the valid server certificate option or if you check this option, ensure that you select the correct root certificate.

37. If you are using Mac OS X clients with Java 7, you cannot download the SPWs using Google Chrome browser. Java 7 runs only on 64-bit browsers and Chrome is a 32-bit browser. It is recommended to use either previous versions of Java or other browsers while downloading the SPWs.

Requirements for CA to Interoperate with Cisco ISE

While using a CA server with Cisco ISE, make sure that the following requirements are met:

  • Key size should be 1024, 2048, or higher. On the CA server, the key size is defined using a certificate template. You can define the key size on Cisco ISE using the supplicant profile.
  • Key usage should allow signing and encryption in the extension.
  • While using GetCACapabilities through the SCEP protocol, the cryptography algorithm and request hash should be supported. It is recommended to use RSA + SHA1.
  • Online Certificate Status Protocol (OCSP) is supported. This is not directly used in BYOD, but a CA that can act as an OCSP server can be used for certificate revocation.

Note: EJBCA 4.x is not supported by Cisco ISE for proxy SCEP. EJBCA is supported by Cisco ISE for standard EAP authentication like PEAP, EAP-TLS, and so on.


Documentation Updates

 

Table 10 Cisco Identity Services Engine Network Component Compatibility Documentation Updates

| Date | Update Description |
|---|---|
| 10/21/2014 | Footnote updated in Table 1 “Supported Network Access Devices” |
| 9/24/2014 | Updated Supported Browsers for the Admin Portal |
| 6/3/2014 | Updated the Microsoft Active Directory versions in Supported External Identity Sources |
| 12/23/2013 | Updated the Agent versions in Apple Mac OS X and Microsoft Windows |
| 9/19/2013 | Added support for Apple iOS 7 to Apple iOS |
| 7/25/2013 | Cisco Identity Services Engine, Release 1.2 |

Related Documentation

This section covers information on release-specific documentation and platform-specific documentation.

Release-Specific Documents

 

Table 11 Product Documentation for Cisco Identity Services Engine

| Document Title | Location |
|---|---|
| Release Notes for Cisco Identity Services Engine, Release 1.2.x | http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html |
| Cisco Identity Services Engine Network Component Compatibility, Release 1.2 | http://www.cisco.com/en/US/products/ps11640/products_device_support_tables_list.html |
| Cisco Identity Services Engine User Guide, Release 1.2 | http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html |
| Cisco Identity Services Engine Hardware Installation Guide, Release 1.2 | http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html |
| Cisco Identity Services Engine Upgrade Guide, Release 1.2 | http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html |
| Cisco Identity Services Engine, Release 1.2 Migration Tool Guide | http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html |
| Cisco Identity Services Engine Sponsor Portal User Guide, Release 1.2 | http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html |
| Cisco Identity Services Engine CLI Reference Guide, Release 1.2 | http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html |
| Cisco Identity Services Engine API Reference Guide, Release 1.2 | http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html |
| Cisco Identity Services Engine Troubleshooting Guide, Release 1.2 | http://www.cisco.com/en/US/products/ps11640/prod_troubleshooting_guides_list.html |
| Regulatory Compliance and Safety Information for Cisco Identity Services Engine, Cisco 3415 Secure Access Control System, and Cisco NAC Appliance | http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html |
| Cisco Identity Services Engine In-Box Documentation and China RoHS Pointer Card | http://www.cisco.com/en/US/products/ps11640/products_documentation_roadmaps_list.html |

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

This document is to be used in conjunction with the documents listed in the “Related Documentation” section.