Network Access Control

Team,Please share what features we support with RUCKUS WLAN controller as I see from ISE2.1 and ISE2.2 compatibility guide that we have only Authentication and Profiling support, and it doesn't support Posturing, BYOD and URL redirection.Please confi...

With one of our ISE deployments, we are using the native supplicant in Windows 7 and doing a Machine+User auth (with PEAP).  Machine auth works fine. Now, If a new user logs into the machine where the login profile needs to be loaded from the domain,...

Situation: On a catalyst 3850, we configured a switchport for Open access with a pre-authentication ACL. After succesful dot1x authentication we authorize the user with a RADIUS_ACCEPT and we push a dACL from ISE that is supposed to override the pre-...

Reason:Current setup Cisco ACS 5.8 on old 1112 hardwareThe new setup:5x Cisco ISE nodes (3x PSN, 1x Man + logging [this host], 1x MAN backup + PSN,)VMware:VsphereHardware UCSVMware ESXi 6.5 UCS nodesVSANSoftwareISE 2.3 isoInstalling ISE 2.3 via ISO b...

Hi,  we have a scenario for the upgrade and i have a customer requirement. we have 10 ISE nodes in the deployment includes 2 Admin nodes (PRI & SEC) and 2 MNT nodes (PRI & SEC) and 6 PSN. the nodes are deployed in 2 branches in riyadh and dammam.curr...

Looks like registered BYOD endpoints were purged because of the default 30 day policy for a PoV.  Tried to manually put their MACs back into the RegisteredDevices endpoint group (instead of 'profiled') but for some reason they still failed the Authen...

Does ISE have the ability to restrict a user login to one device across a distributed ASA environment? The user can login to ASA-1 with a laptop, but then they cannot then login to ASA-2 with their iPad. I know we can support this on the ASA and it l...

Scenario I'm trying to resolve - User plugs in to an open network jack, ISE directs them to a portal page where they have two options - Click through for "guest" access (no registration or login required), or see a link for Employee access which woul...

Hi all,Customer has security audit requirements and their audit team is asking my customer to prove that all these services with vulnerabilities to be shut down.Understand that we can turn off TLS 1.0 and 1.1 on ISE 2.2P2 but we're still unsure how d...

I have just begun to roll out 802.1x authentication and am finding that while I got authentication for PC's on the data VLAN to work, phones on the VOICE VLAN are not unless I set "authentication host-mode" to "multi-host".   We have been running un-...

Hi Team,My customer tried to upgrade from 2.0 to 2.2 recently and was hit by CSCvd07886: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07886/?reffering_site=dumpcrHe came back to me with this.At this time, and assuming that Cisco’s TAC recommend...

GUEST - Can we redirect based on device type  "profile" to a different portal ?For example a LAPTOP user will get redirected to a Sponsor approval guest portal , but a MOBILE user gets redirected to a Self reg / hotspot portal ?ThxGreg