https://community.cisco.com/t5/network-access-control/restrict-tls-version-in-radius-policy/m-p/4749300#M579068 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/485442">@Walker</a>&nbsp;, unfortunately as per the current versions of ISE&nbsp; , such feature is not possible . If you go to the&nbsp; menu displayed below (Administration&gt;system&gt;settings&gt;security settings)&nbsp; and enable/disable TLS versions, this is a configuration global that is implemented in all the nodes within your deployment and there is no way to restrict what you suggest by rules . What it will be ideal is that you update that device you mention using TLS 1.0 towards one of the newest versions .&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RodrigoDiaz_0-1672865229393.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/172528iCFADCE7FDAD9798B/image-size/medium?v=v2&amp;px=400" role="button" title="RodrigoDiaz_0-1672865229393.png" alt="RodrigoDiaz_0-1672865229393.png" /></span></P> <P>Let me know if that helped you .&nbsp;</P> <P>&nbsp;</P> Wed, 04 Jan 2023 20:48:21 GMT Rodrigo Diaz 2023-01-04T20:48:21Z https://community.cisco.com/t5/network-access-control/restrict-tls-version-in-radius-policy/m-p/4749199#M579067 <P>I am in the process of migrating from v2.4 to v3.1 and during this process, a new device type was introduced to our network that only supports TLSv1.0. On the new v3.1 ISE server, I have disabled TLSv1.0 and TLSv1.1 in the security settings. The devices are currently working on our v2.4 server because all TLS version are enabled.</P><P>My question - If I enable TLSv1.0 on my v3.1 ISE server, is there a way to restrict authentication to all devices to TLSv1.2 except if it is this specific device? I am browsing the RADIUS attributes but unable to find anything relevant.</P><P>&nbsp;</P><P>Any suggestions is appreciated.</P> Wed, 04 Jan 2023 16:52:31 GMT https://community.cisco.com/t5/network-access-control/restrict-tls-version-in-radius-policy/m-p/4749199#M579067 Walker 2023-01-04T16:52:31Z https://community.cisco.com/t5/network-access-control/restrict-tls-version-in-radius-policy/m-p/4749300#M579068 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/485442">@Walker</a>&nbsp;, unfortunately as per the current versions of ISE&nbsp; , such feature is not possible . If you go to the&nbsp; menu displayed below (Administration&gt;system&gt;settings&gt;security settings)&nbsp; and enable/disable TLS versions, this is a configuration global that is implemented in all the nodes within your deployment and there is no way to restrict what you suggest by rules . What it will be ideal is that you update that device you mention using TLS 1.0 towards one of the newest versions .&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RodrigoDiaz_0-1672865229393.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/172528iCFADCE7FDAD9798B/image-size/medium?v=v2&amp;px=400" role="button" title="RodrigoDiaz_0-1672865229393.png" alt="RodrigoDiaz_0-1672865229393.png" /></span></P> <P>Let me know if that helped you .&nbsp;</P> <P>&nbsp;</P> Wed, 04 Jan 2023 20:48:21 GMT https://community.cisco.com/t5/network-access-control/restrict-tls-version-in-radius-policy/m-p/4749300#M579068 Rodrigo Diaz 2023-01-04T20:48:21Z https://community.cisco.com/t5/network-access-control/restrict-tls-version-in-radius-policy/m-p/4749596#M579084 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/632778">@Rodrigo Diaz</a>&nbsp;Thanks for confirmation. We have already pressed the vendor to update to TLSv1.2 but I suspect that won't happen anytime soon.</P> Thu, 05 Jan 2023 13:12:14 GMT https://community.cisco.com/t5/network-access-control/restrict-tls-version-in-radius-policy/m-p/4749596#M579084 Walker 2023-01-05T13:12:14Z