Overview

Cisco ISE supports protocol standards like RADIUS, its associated RFC Standards, and TACACS+. For more information, see the ISE Community Resources.

Cisco ISE interoperates fully with third-party RADIUS devices that adhere to the standard protocols. Support for RADIUS functions depends on the device-specific implementation.

Cisco ISE interoperates fully with third-party TACACS+ client devices that adhere to the governing protocols. Support for TACACS+ functions depends on the device-specific implementation.


Note

This document lists only the devices that are validated with Cisco ISE. Hence, this is not the complete list of devices that are supported by Cisco ISE.


The following notations are used to mark the device support:

  • : Fully supported
  • X : Not supported

  • ! : Limited support, some functionalities are not supported.

Network Access Control Capabilities of Cisco Switches

Table 1. Network Access Control Capabilities of Cisco Switches

Device

Validated OS 1

AAA

Profiling

BYOD

Guest

Guest Originating URL

Posture

MDM

TrustSec 2

Minimum OS 3

IE2000

IE3000 

Cisco IOS 15.2(2)E4

Cisco IOS 15.2(4)EA6

Cisco IOS 15.0(2)EB

X

IE4000

IE5000

Cisco IOS 15.2(2)E5

Cisco IOS 15.2(4)E2

Cisco IOS 15.2(4)EA6

Cisco IOS 15.0.2A-EX5

IE4010

Cisco IOS 15.2(2)E5

Cisco IOS 15.2(4)E2

Cisco IOS 15.0.2A-EX5

CGS 2520

Cisco IOS 15.2(3)E3

X

Cisco IOS 15.2(3)E3

X

Catalyst 1000

Cisco IOS 15.2(7)E3

Cisco IOS 15.2(7)E3

Catalyst 2960 LAN Base

Cisco IOS 15.0(2)SE11

X

X

Cisco IOS v12.2(55)SE5 4

!

X

!

!

X

Catalyst 2960-C

Catalyst 3560-C

Cisco IOS 15.2(2)E4

Cisco IOS 12.2(55)EX3

Catalyst 2960-L

Cisco IOS 15.2(6.1.27)E2

X

Cisco IOS 15.2(6)E2

X

Catalyst 2960-Plus

Catalyst 2960-SF

Cisco IOS 15.2(2)E4

Cisco IOS 15.0(2)SE7

X

Catalyst 2960-CX

Catalyst 3560-CX

Cisco IOS 15.2(3)E1

Cisco IOS 15.2(3)E

Catalyst 3560V2

Catalyst 3750V2

Cisco IOS 12.2(55)SE10

Cisco IOS 12.2(55)SE5

Catalyst 3560-E

Cisco IOS 15.0(2)SE11

Cisco IOS 12.2(55)SE5

Catalyst 3560-G

Cisco IOS 15.0(2)SE11

Cisco IOS 12.2(55)SE11

Catalyst 3560-X

Cisco IOS 15.2.4E10

Cisco IOS 15.2(2)E6

Catalyst 3650

Catalyst 3650-X

Catalyst 3850

Cisco IOS XE 16.12.1

Cisco IOS 16.6.2 ES

Catalyst 3750-E

Catalyst 3750-G

Cisco IOS 15.2(2) E6

Cisco IOS 15.0(2)SE11

Cisco IOS 12.2(55)SE5

Catalyst 3750-X

Cisco IOS 15.2(2) E6

Cisco IOS 15.2(2)E5

Cisco IOS 15.2(4)E2

Cisco IOS 12.2(55)SE5

Catalyst 4500 Supervisor 8-E

Cisco IOS 3.11.0E ED

Cisco IOS XE 3.6.8E

Catalyst 4500 Supervisor 7-E, 7L-E

Cisco IOS XE 3.6.4

Cisco IOS XE 3.4.4 SG

X

Catalyst 4500 Supervisor 6-E, 6L-E

Cisco IOS 15.2(2)E4

X

Cisco IOS 15.2(2)E

X

Catalyst 4500-X

Cisco IOS 15.2(6)E

Cisco IOS 15.2(6)E

Catalyst 5760

Cisco IOS XE 3.7.4

X

Catalyst 6500-E (Supervisor 32)

Cisco IOS 12.2(33)SXJ10

X

Cisco IOS 12.2(33)SXI6

X

Catalyst 6500-E (Supervisor 720)

Cisco IOS 15.1(2)SY7

X

Cisco IOS v12.2(33)SXI6

X

Catalyst 6500-E (VS-S2T-10G)

Cisco IOS 152-1.SY1a

X

Cisco IOS 15.0(1)SY1

X

Catalyst 6807-XL

Catalyst 6880-X (VS-S2T-10G)

Cisco IOS 152-1.SY1a

X

Cisco IOS 15.0(1)SY1

X

Catalyst 6500-E (Supervisor 32)

Cisco IOS 12.2(33)SXJ10

X

Cisco IOS 12.2(33)SXI6

X

Catalyst 6848ia

Cisco IOS 152-1.SY1a

X

Cisco IOS 15.1(2) SY+

X

Cisco Catalyst 9000 series switch family including:

Catalyst 9200

Catalyst 9300

Catalyst 9400

Catalyst 9500

Catalyst 9600

Cisco IOS XE 17.4.1

Cisco IOS XE 16.6.2

1 Validated OS is the version tested for compatibility and stability.
2 See the Cisco TrustSec Product Bulletin for a complete list of Cisco TrustSec feature support.
3 Minimum OS is the version in which the features got introduced.
4 The IOS 12.x version does not fully support the Posture and Guest flows because of CSCsx97093. As a workaround, when you configure URL redirect in Cisco ISE, assign a value to “coa-skip-logical-profile.”

Network Access Control Capabilities of Cisco Wireless LAN Controllers

Table 2. Network Access Control Capabilities of Cisco Wireless LAN Controllers

Device

Validated OS 5

AAA

Profiling

BYOD

Guest

Guest Originating URL

Posture

MDM

TrustSec 6

WLC 2100

AireOS 7.0.252.0

!

X

!

X

X

X

X

AireOS 7.0.116.0 (minimum)

!

X

!

X

X

X

X

WLC 2504

AirOS 8.5.120.0(ED)

WLC 3504

AirOS 8.5.105.0

Not validated

WLC 4400

AireOS 7.0.252.0

!

X

!

X

X

X

X

AireOS 7.0.116.0 (minimum)

!

X

!

X

X

X

X

WLC 2500

AireOS 8.0.140.0

X

X

AireOS 8.2.121.0

X

AireOS 8.3.102.0

X

AireOS 8.4.100.0

X

AireOS 7.2.103.0 (minimum)

!

X

X

WLC 5508

AireOS 8.0.140.0

X

X

AireOS 8.2.121.0

X

AireOS 8.3.102.0

X

AireOS 8.3.114.x

X

AireOS 8.3.140.0

X

AireOS 8.4.100.0

X

AireOS 7.0.116.0 (minimum)

!

X

!

X

X

X

WLC 5520

AireOS 8.0.140.0

X

X

AireOS 8.2.121.0

X

AireOS 8.3.102.0

X

AireOS 8.4.100.0

X

AireOS 8.5.1.x

AireOS 8.6.1.x

AirOS 8.6.101.0(ED)

AireOS 8.1.122.0 (minimum)

X

WLC 7500

AireOS 8.0.140.0

X

X

AireOS 8.2.121.0

X

AireOS 8.2.154.x

X

AireOS 8.3.102.0

X

AireOS 8.4.100.0

X

AirOS 8.5.120.0(ED)

AireOS 7.2.103.0 (minimum)

!

X

X

X

X

X

X

WLC 8510

AireOS 8.0.135.0

X

X

AireOS 7.4.121.0 (minimum)

X

X

X

X

X

WLC 8540

AireOS 8.1.131.0

X

X

AireOS 8.1.122.0 (minimum)

X

X

WiSM1 6500

AireOS 7.0.252.0

!

X

!

X

X

X

X

AireOS 7.0.116.0 (minimum)

!

X

!

X

X

X

X

WiSM2 6500

AireOS 8.0.135.0

X

AireOS 7.2.103.0 (minimum)

!

X

WLC 5760

IOS XE 3.6.4

IOS XE 3.3 (minimum)

X

Catalyst 9800-LC-eWC

Catalyst 9800-Fabric

Catalyst 9800-80

Catalyst 9800-40

Catalyst 9800-L

Cisco IOS XE 17.7.1

Cisco IOS XE 16.12.1

WLC for ISR (ISR2 ISM, SRE700, and SRE900)

AireOS 7.0.116.0

!

X

!

X

X

X

X

AireOS 7.0.116.0 (minimum)

!

X

!

X

X

X

X

5 Validated OS is the version tested for compatibility and stability.
6 See the Cisco TrustSec Product Bulletin for a complete list of Cisco TrustSec feature support.

Refer to the Cisco Wireless Solutions Software Compatibility Matrix for a complete list of supported operating systems.


Note

Due to CSCvi10594, IPv6 RADIUS CoA fails in AireOS Release 8.1 and later. As a workaround, you can use IPv4 RADIUS or downgrade Cisco Wireless LAN Controller to AireOS Release 8.0.



Note

Cisco Wireless LAN Controllers (WLCs) and Wireless Service Modules (WiSMs) do not support downloadable ACLs (dACLs), but support named ACLs. Autonomous AP deployments do not support endpoint posturing. Profiling services are supported for 802.1X-authenticated WLANs starting from WLC release 7.0.116.0 and for MAB-authenticated WLANs starting from WLC 7.2.110.0. FlexConnect, previously known as Hybrid Remote Edge Access Point (HREAP) mode, is supported with central authentication configuration deployment starting from WLC 7.2.110.0. For additional details regarding FlexConnect support, refer to the release notes for the applicable wireless controller platform.


Network Access Control Capabilities of Cisco Access Points

Table 3. Network Access Control Capabilities of Cisco Access Points

Cisco Access Point

Minimum Cisco Mobility Express Version

AAA

Profiling

BYOD

Guest

Guest Originating URL

Posture

MDM

TrustSec

Cisco Aironet 1540 Series

Cisco Mobility Express 8.7.106.0

X

X

X

X

X

Cisco Aironet 1560 Series

Cisco Mobility Express 8.7.106.0

X

X

X

X

X

Cisco Aironet 1815i

Cisco Mobility Express 8.7.106.0

X

X

X

X

X

Cisco Aironet 1815m

Cisco Mobility Express 8.7.106.0

X

X

X

X

X

Cisco Aironet 1815w

Cisco Mobility Express 8.7.106.0

X

X

X

X

X

Cisco Aironet 2800 Series

Cisco Mobility Express 8.7.106.0

X

X

X

X

X

Cisco Aironet 3800 Series

Cisco Mobility Express 8.7.106.0

X

X

X

X

X

Network Access Control Capabilities of Cisco Routers

Table 4. Network Access Control Capabilities of Cisco Routers

Device

Validated OS 7

Minimum OS 8

AAA

Profiling

BYOD

Guest

Posture

MDM

TrustSec 9

ISR 88x, 89x Series

IOS 15.3.2T(ED)

X

X

X

X

X

X

IOS 15.2(2)T

X

X

X

X

X

X

ASR 1001-HX

ASR 1001-X

ASR 1002-HX

ASR 1002-X

IOS XE 17.1.1

IOS XE 17.2.1

X

X

X

X

X

IOS XE 17.1.1

X

X

X

X

X

ISR 19x, 29x, 39x Series

IOS 15.3.2T(ED)

!

X

!

X

X

IOS 15.2(2)T

!

X

!

X

X

CE 9331

IOS XE 17.1.1

X

X

X

X

X

IOS XE 17.1.1

X

X

X

X

X

C8300-1N1S-4T2X

C8300-1N1S-6T

C8300-2N2S-4T2X

C8300-2N2S-6T

C8500-12X

C8500-12X4QC

C8200-1N-4T

ISR1100-4G

C8500L-8S4G

Cisco IOS XE 17.7.1

X

X

X

X

X

Cisco IOS XE 17.4.1

X

X

X

X

X

CGR 2010

IOS 15.3.2T(ED)

!

X

!

X

X

IOS 15.3.2T(ED)

!

X

!

X

X

4451-XSM-X L2/L3 Ethermodule

IOS XE 3.11

IOS XE 3.11

7 Validated OS is the version tested for compatibility and stability.
8 Minimum OS is the version in which the features got introduced.
9 See the Cisco TrustSec Product Bulletin for a complete list of Cisco TrustSec feature support.

Network Access Control Capabilities of Cisco Remote Access Platforms

Table 5. Network Access Control Capabilities of Cisco Remote Access Platforms

Device

Validated OS 10

AAA

Profiling

BYOD

Guest

Posture

MDM

TrustSec 11

Minimum OS 12

ASA 5500, ASA 5500-X (Remote Access Only)

ASA 9.2.1

NA

NA

NA

X

ASA 9.1.5

NA

NA

X

NA

X

X

X

10 Validated OS is the version tested for compatibility and stability.
11 See the Cisco TrustSec Product Bulletin for a complete list of Cisco TrustSec feature support.
12 Minimum OS is the version in which the features got introduced.

Validated Cisco Meraki Devices

Device Validated OS AAA Profiling BYOD Guest Guest Originating URL Posture MDM TrustSec13
Minimum OS
Meraki MS390 Latest MS 14.x release ! X X X X X
MS 14.5 ! X X X X X

Meraki MS120/MS125

Latest MS 14.x release

! X X
MS 12.x ! X X
All other Meraki MS models

Latest MS 14.x release

X X
MS 12.0 !14 X X
Meraki MR 802.1ac wave 2 Access Points Latest MR 27.x release
MR 26.0 X

Meraki MX Platforms

Latest Version

X

Latest Version

X
13 TrustSec is implemented using the Adaptive Policy feature. Adaptive Policy supports static and dynamic SGT assignment, inline SGT propagation, and enforcement of SGT-based policies. For more information, see Adaptive Policy Overview.
14 Meraki MS switches running OS version earlier than MS 14.5 do not support the Group Policy ACL feature. For more information, see Meraki MS Group Policy Access Control Lists.