Hi,I have a few switches here that I configured a separate account with privilege level 7 to allow another user to only change the vlan of interfaces and save the configurations. This works fine for a few days but then they are unable to type switchp...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Hi, I need to migrate this prodcut to aws, is there any limitation to run cx agent on a bare metal on AWS with hyper-v?as cx agent only supports local vm configuration only(vmware and hyper v) Im think of using a bare metal to install hyper-v while c...
Hi All,We have currently required to scan our cisco switches with Nessus tenable.sc scanner and every time the scan started the datalink port disabled on the switch. I looked up the error and I found that err-disabled and I have to manually run a shu...
need to upgrade Cisco 2951 from 15.2-4 to 15.7 and i need the which IOS i can skip or what is correct order IOS i need to go in order
I have question about how Cisco ISE handles user passwords during TACACS+ authentication when LDAP is used as the external identity source. From what I understand, ISE forwards the user credentials to the LDAP server for authentication — but does it ...
Hi all, Do you know if FMC and FTD support ISE Tacacs+ device administration integration? So far, I did the router/switch and ASA integrations, but not able to find resources for the noted FTD and FMC ones! Looking forward to hearing any thoughts or ...
I need to create a read only custom privilege level for an automated service acct that can execute the show run and show tech commands. I used privilege level 2 for the radius authentication and have the below commands set on my test switch. I am abl...
Hello,I'm using ISE 3.3.0.430I have a few fortigates firewalls and I want to use TACACS to authenticate users. The TACACS is provided by the ISE.For 4 of them, there are no issues at all but for the last one, the connection fail.In the TACACS live lo...
Resolved! ISE LDAP authentication problem
Hello!I am very new to ISE and I have one which is empty. I upgraded it to 3.3p4. My goal is to set it up for Cisco switch administration over TACACS+ so that the admin accounts are located in MS AD -- we want to use the already existing AD accounts ...
We have an automation (using python) project where we have to update shared secrets on network devices (Cisco IOS/IOS XR and also other non-Cisco platforms, via netmiko). Of course, we also have to update (via ERS REST API) the Cisco ISE server with...
Hi, Am still navigating SDN with DNA Centre where I am upgrading device images using SWIM. I did an Upgrade to 9300 switches to a later iosxe image, after setting it as the golden image. What I don't understand is that even after successful upgrade...
Resolved! ISE, DNA, SDN
I want to schedule an external configuration backup for ISE, DNAC , which is the best workaround. I have veeam as an available option, however I see they support sftp which seem veeam does not support. Do I dedicate a server , eg linux server then ba...
HiWe have setup 2FA on our switches using Duo auth proxy. This is working fine.However we would like to be able to add a static account with no 2FA so that our security scanning tool can login to the device to retrive config details etc. This login w...
hello , we are in the process of upgrading our ISE environnement , and i have a couple of questions : 1- we have a 2.7 ISE with device admin perpetual licence ; in a separate environnement , i set up a 3.0 ise on a ISE-VM-K9 with evaluation mode and...
Hello,is it possible to use two external identity sources one after the other?We do TACACS and RADIUS for admin access to network and security devices.In a first authentication step I need to ask AD because there is a MFA system connected to.But in a...
