My client is thinking to role out the ISE in the network they have old switches 2950g which supports only authentication with ISE.
In order to utilize most of the feature if not all we are thinking to replace them with 2960g.
Any advice, expereinvce in this regards will be very helpful for the recommended model for the access layer.
The actual 2960-switches (which are 2960-X, but the 2960-S are also very good access-switches) will be a very good choice. If you want to use the full power of ISE, you want a switch that is capable of running IOS >= 15.0. If I remember right, not all of the older 2960 are papable of that.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
you want a switch that is capable of running IOS >= 15.0. If I remember right
Nah. All 2960-series, from the legacy all the way up to 2960S, can run 15.0.
All of my 2960/2960G are running 15.0(2)SE4 already.
for sure you are right, I was thinking about the older 3750 which I used as access-switches some years ago when there were no 2960 with PoE. These switches only supported IOS 12.2.55.
Sent from Cisco Technical Support iPad App
Catalyst 2960, Catalyst 2960S, ISR EtherSwitch ES2 with OS [IOS v12.2(52)SE LAN Base] will support MAB, 802.1X, Web Auth, Session CoA, VLAN and DACL.
Catalyst 2960, Catalyst 2960S with OS [IOS v12.2(52)SE LAN Lite2 ] will support MAB, 802.1X and VLAN.
For more details of Network Access Devices, please refer to the following link:
You can use the 2960s that were recommended. However if you want to implement device sensor features (i.e. if profiling endpoints is a mandatory requirement). You should consider the 3750X with the proper licensing.
*Please rate helpful posts*
Agreed by the Tarik and Muhammad Khan's reply you can use the 2960s switch, but I recommend you to use 3750x which is capable of using all the services of ISE 1.1 as well as 1.2.
but I recommend you to use 3750x which is capable of using all the services of ISE 1.1 as well as 1.2.
Are you kidding????
I wouldn't recommend 3750X particularly when the 3850 is priced LOWER than 3750X and the 3850 has THE SAME features as the 3750X.
The future of the 3560 and 3750 looks bleak particularly when the 3850's "younger brother" is about to come out.
Following is the Cisco Identity Services Engine Network Component Compatibility, Release 1.2 which specify recommeded switch to use with ISE and different features supported by switch
Good document and had a look under "Supported Network Access Devices" and all I can say is it's OUTDATED. Someone needs to add the status of the Sup8 and the 6800ia, even though it's not supported.
You can use any of the L2 switches for 802.1x authentication and if you want L3 features you should use the L3 switches for reference you can check the list of features and IOS form the following link
and hardware compliance from the list for all ISE versions