Cisco ISE NAD Configuration Templates

I’m going to use this page for links to the configuration templates I use when deploying Cisco ISE. These templates are provided As-Is with no guarantee. Yes, even I sometimes have a fat finger error. I will be updating them on the share if/when I find better configurations.

Be sure to check the Network Component Compatibility list for your version of Cisco ISE as well as the feature list for your NAD OS release before trying to apply any configuration settings. Otherwise, you may just receive a lot of errors.

Switch Templates for Cisco ISE Authentication

Note: The C3PL templates are based on IBNS 2.0. It was just shorter by a couple of characters to name them C3PL (what will I do with the time saved?). I am testing out new IBNS 2.0 configurations that will utilize service templates for more of the config (ie load once, apply to several) and will get those uploaded when I verify they work properly.

The C3PL configurations below will authenticate Dot1x and MAB at the same time. It will work for most deployments but can cause duplicate records to show up in the Live Logs (1 for MAB, 1 for Dot1x). Be sure to test if this will work for your deployment. I will post templates soon that will be configured to run Dot1x until failure before attempting MAB.

Cisco ISE C3PL Switch Config Template
Cisco ISE C3PL Switch Denali Config Template

Cisco ISE C3PL & TrustSec Config Template
Cisco ISE C3PL & TrustSec Denali Config Template

Cisco ISE non-C3PL with Device Sensors Config Template
Cisco ISE non-C3PL without Device Sensors Config Template

Cisco ISE IOS/IOS-XE TACACS+ Auth Template

Adaptive Security Appliance (ASA) Templates for Cisco ISE Authentication

Cisco ISE ASA TACACS+ Authentication Template