 Feedback
|
Table Of Contents
Cisco Identity Services Engine Network Component Compatibility, Release 1.0.4
Supported Network Access Devices
Supported External Identity Sources
Supported Administrative User Interface Browsers
Supported Client Machine Operating Systems, Supplicants, and Agents
Supported Operating Systems and Browsers for Cisco ISE Guest Services
Obtaining Documentation and Submitting a Service Request
Cisco Identity Services Engine Network Component Compatibility, Release 1.0.4
Revised: April 8, 2013, OL-25483-01This document describes Cisco Identity Services Engine (ISE) compatibility with switches, wireless LAN controllers, and other policy enforcement devices, as well as client machine operating systems with which Cisco ISE interoperates in the network. This document covers the following topics:
•
Supported Network Access Devices
•
•
•
•
•
Supported Network Access Devices
Cisco ISE supports interoperability with any (Cisco or non-Cisco) RADIUS client NAD that implements common RADIUS behavior (similar to Cisco IOS 12.x) for standards-based authentication. For a list of supported authentication methods, see the "Configuring Authentication Policies" chapter of the Cisco Identity Services Engine User Guide, Release 1.0.4.
Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality, and are therefore not supported with non-Cisco devices. In addition, certain other advanced functions like central web authentication (CWA), Change of Authorization (CoA), Security Group Access, and downloadable ACLs, are only supported on Cisco devices. For a full list of supported Cisco devices, see Table 1.
The NADs that are not explicitly listed in Table 1 and that do not support RADIUS Change of Authorization (CoA) must use inline posture.
For information on enabling specific functions of Cisco ISE in your network switches, see the Switch Configuration Required to Support Cisco ISE Functions appendix of the Cisco Identity Services Engine User Guide, Release 1.0.4.
Note
Caution
Table 1 Supported Network Access Devices
Catalyst 2940
IOS v12.1(22)EA1
Yes
Yes
No
No
Yes
No
No
Catalyst 2950
IOS v12.1(22)EA1
No
Yes
No
No
Yes
No
No
Catalyst 2955
IOS v12.1(22)EA1
No
Yes
No
No
Yes
No
No
Catalyst 2960, Catalyst 2960S, ISR EtherSwitch ES2
IOS v12.2(52)SE LAN Base
Yes
Yes
Yes
Yes
Yes
Yes
No
Catalyst 2960, Catalyst 2960S
IOS v12.2(52)SE LAN Lite2
Yes
Yes
No
No
Yes
No
No
Catalyst 2970
IOS v12.2(25)SE
Yes
Yes
No
No
Yes
No
No
Catalyst 2975
IOS v12.2(52)SE
Yes
Yes
No
No
Yes
No
No
Catalyst 3550
IOS v12.2(44)SE
Yes
Yes
No
No
Yes
Yes
No
Catalyst 3560
IOS v12.2(52)SE
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 3560-E, ISR EtherSwitch ES3
IOS v12.2(52)SE
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 3560-X
IOS v12.2(52)SE
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 3750
IOS v12.2(52)SE
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 3750-E
IOS v12.2(52)SE
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 3750 Metro
IOS v12.2(52)SE
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 3750-X
IOS v12.2(52)SE
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 4500
IOS v12.2(54)SG
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 6500
IOS v12.2(33)SX17
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Catalyst 4900
IOS v12.2(54)SG
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Nexus 70003
—
—
—
—
—
Yes
—
Yes
Wireless LAN Controller (WLC) 2100, 4400, and 5500 Series
7.0.116.0
No
Yes
Yes
Yes
Yes
Yes
—
WiSM Blade for 6500
7.0.116.0
No
Yes
Yes
Yes
Yes
Yes
—
WLC for ISR (ISR2 ISM, SRE700, and SRE900)
7.0.116.0
No
Yes
Yes
Yes
Yes
Yes
—
WLC for 3750
7.0.116.0
No
Yes
Yes
Yes
Yes
Yes
—
1 For 802.1X authentications, you need IOS version 12.2(55)SE3.
2 Does not support posture and profiling services.
3 SGA only
4 Wireless LAN Controllers (WLCs) do not support downloadable ACLs (dACLs), but support named ACLs. WLCs prior to release 7.0.116.0 do not support CoA and require deployment of an ISE Inline Posture Node to support posture services. Use of Inline Posture Node requires WLC version 7.0.98 or later. Autonomous AP deployments (no WLC) also require deployment of an Inline Posture Node for posture support. Profiling services are currently supported for 802.1X-authenticated WLANs only on the WLC with CoA support. HREAP is not supported. WLCs do not currently support MAC Authentication Bypass (MAB).
5 An issue has been observed during wireless login scenarios where the WLC is running firmware version 7.0.116.0. Unless you require new features available only in version 7.0.116.0, Cisco recommends returning your WLC firmware version to 7.0.98.218. For more information, see the Release Notes for the Cisco Identity Services Engine, Release 1.0.4.
Supported External Identity Sources
Table 2 lists the external identity sources supported with Cisco ISE.
1 Tested Microsoft Windows Active Directory versions are 2003, 2008 and 2008R2. Microsoft Windows Active Directory version 2000 or its functional level are not supported by Cisco ISE.
Supported Administrative User Interface Browsers
You can access the Cisco ISE administrative user interface using the following browsers:
•
For a collection of known issues regarding Windows Internet Explorer 8, see the "Known Issues" section of the Release Notes for the Cisco Identity Services Engine, Release 1.0.4.
•
Supported Client Machine Operating Systems, Supplicants, and Agents
This section lists the supported client machine operating systems, browsers, and Agent versions supporting each client machine type for the following Operating Systems:
Note
Table 3 Apple Mac OS X
Apple Mac OS X 10.5
•
•
•
Apple Mac OS X Supplicant 10.5
4.9.0.647
AnyConnect version 3.0.3041, 2.5.30411
Apple Mac OS X 10.6
•
•
•
Apple Mac OS X Supplicant 10.6
4.9.0.647
AnyConnect version 3.0.3041, 2.5.30411
Apple Mac OS X 10.7
•
•
•
Apple Mac OS X Supplicant 10.7
4.9.0.647
AnyConnect version 3.0.3041
1 Anyconnect version 2.5.3041 is required to support "PowerPC" Macintosh systems.
Table 4 Microsoft Windows
Microsoft Windows 71
•
•
•
•
•
4.9.0.32
4.9.0.19
AnyConnect version 3.0.3041
Microsoft Windows Vista 1
•
•
•
•
•
•
4.9.0.32
4.9.0.19
AnyConnect version 3.0.3041
Microsoft Windows XP 1
•
•
•
•
•
•
4.9.0.32
4.9.0.19
AnyConnect version 3.0.3041
1 Cisco ISE does not support the Windows Embedded versions available from Microsoft.
2 When Internet Explorer 10 is installed on Windows 7, to get full network access, you need to update to March 2013 Hotfix ruleset.
Table 5 Others
Red Hat Enterprise Linux (RHEL) 5
•
•
No official support 1
—
—
Ubuntu
Mozilla Firefox 3.6
No official support
—
—
1 Although not supported by Cisco, the WPA_Supplicant and Open1X Supplicant are available for use with Linux.
Supported Operating Systems and Browsers for Cisco ISE Guest Services
The Cisco ISE Guest services support the following operating system and browser combinations.
Table 6 Cisco ISE Guest Services - Supported Operating Systems and Browsers
Microsoft Windows 71
Microsoft IE 9, Mozilla Firefox 3.6, 4, 5, Google Chrome 11
Microsoft Windows Vista, Microsoft Windows XP
Microsoft IE 6, IE 7, IE 8, Mozilla Firefox 3.6, Google Chrome 5
Apple Mac OS X 10.5, 10.6, 10.7
Mozilla Firefox 3.6, 4, 5, Safari 4,5 Google Chrome 11
Red Hat Enterprise Linux (RHEL) 5
Mozilla Firefox 3.6, 4, 5, Google Chrome 11
Ubuntu
Mozilla Firefox 3.6
1 Cisco ISE does not support the Windows Embedded 7 versions available from Microsoft.
Note
Documentation Updates
Table 7 Cisco Identity Services Engine Network Component Compatibility Documentation Updates
04/08/13
Added support for Internet Explorer 10 on Windows 7
3/8/2012
Footnote added to Table 2 "Supported External Identity Sources"
9/30/2011
Cisco Identity Services Engine Maintenance Release 1.0.4.573; No content updates made.
9/21/2011
Minor update to Table 1 "Supported Network Access Devices"
9/13/2011
Minor update to Table 1 "Supported Network Access Devices"
9/1/2011
Minor updates to Table 3 " Apple Mac OS X"
8/26/2011
Content updates for Cisco Identity Services Engine Maintenance Release 1.0.4.558:
•
Related Documentation
Release-Specific Documents
Table 8 lists the product documentation available for the Cisco ISE Release. General product information for Cisco ISE is available at http://www.cisco.com/go/ise. End-user documentation is available on Cisco.com at http://www.cisco.com/en/US/products/ps11640/tsd_products_support_series_home.html.
Table 8 Product Documentation for Cisco Identity Services Engine
Release Notes for the Cisco Identity Services Engine, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html
Cisco Identity Services Engine Network Component Compatibility, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/products_device_support_tables_list.html
Cisco Identity Services Engine User Guide, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html
Cisco Identity Services Engine Hardware Installation Guide, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html
Cisco Identity Services Engine Migration Guide for Cisco Secure ACS 5.1 and 5.2, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html
Cisco Identity Services Engine Sponsor Portal User Guide, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html
Cisco Identity Services Engine CLI Reference Guide, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html
Cisco Identity Services Engine API Reference Guide, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html
Cisco Identity Services Engine Troubleshooting Guide, Release 1.0.4
http://www.cisco.com/en/US/products/ps11640/prod_troubleshooting_guides_list.html
Regulatory Compliance and Safety Information for Cisco Identity Services Engine, Cisco 1121 Secure Access Control System, Cisco NAC Appliance, Cisco NAC Guest Server, and Cisco NAC Profiler
http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html
Cisco Identity Services Engine In-Box Documentation and China RoHS Pointer Card
http://www.cisco.com/en/US/products/ps11640/products_documentation_roadmaps_list.html
Platform-Specific Documents
Links to additional Policy Management Business Unit documentation are available on www.cisco.com at the following locations:
•
http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html•
http://www.cisco.com/en/US/products/ps9911/tsd_products_support_series_home.html•
http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html•
http://www.cisco.com/en/US/products/ps8464/tsd_products_support_series_home.html•
http://www.cisco.com/en/US/products/ps10160/tsd_products_support_series_home.htmlObtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2011 Cisco Systems, Inc. All rights reserved.
