Currently have an issue when our edge switch reboots the authentication sessions on the switch come back with "UNKNOWN" domain. The AAA server is marked as "alive" but these auth session stay in an "UNKNOWN" Domain and failed Authentication .Shouldn'...
We're currently doing a tech refresh and replacing older switches with 2960s and we're having an issue with our switches displaying UKNOWN when doing the command "sh auth sess". Here's an example of the command output. The switch I use in this exampl...
Ive just added a secondary ISE node and it has synced fine. But what Ive noticed is that I am unable to login via AD even tough it has the external option. Can someone help?
ISE doesn't seem to make use of the latest and greatest table of MAC OUI Vendor strings (again) I have around 100 endpoints profiled as "Unknown", with OUI Attribute "UNKNOWN" for which www.macvendors.com (in most cases) lists a vendor string. e.g. E...
Hi team, i would like to authentication my end user for dot1x. i have Fortiswitch and cisco ise 3.2.I have integrated the switch with ise and when i tested is successfully. but i trying form endpoint the request is not reaching to the ise. so please ...
Hi We Student SSID with guest flow and authenticate with active directory users, is there any option to configure posture for this kind of ssids
Hello Guys, One of my customers has the below posture requirements. 1. Check if a particular AV is installed, if not send an email to service desk and block the PC's network access. 2. Check for missing patches (by integrating with Manage Engine) and...
I have followed this old post and added script under optional content 2 but it didn't work https://community.cisco.com/t5/network-access-control/ise-mydevices-portal-customization-remove-the-column-for-pending/td-p/3466500 Does anyone has the new sc...
I would like to know how I can block a specific MAC on my Cisco Prime Infrastructure device. Is it possible?
I'm trying to provide users with a Message Text when they fail posture that isn't a single run one paragraph. We would like to have returns between some of the lines and also make part of it bold (such as the IT Help Desk phone number). How do you ...
Hello, I added OKTA to ISE as a Radius Token server, and it works fineOKTA return RADIUS attribute "25 Class" for each group, example class attribute :ou=group1ou=group1;ou=group2I see on Radius token server / authorization, I can configure CiscoSecu...
Hi,I am actually trying to implemement profiling with the Cisco ISE (2.7 patch2) and Aruba 2530 (SW 16.10.011).After profiling the devices, the ISE sends a CoA POrt Bounce to the switch.But I am still getting a "Missing attribute" back from the switc...
Hi all;Unfortunately, there is very little explanation, use cases and possible caveats encountered when using the "XSS Security Scan Enforcement for EndPoint Probe Data" option.Does anybody have any experience related to this option?Thanks
I have a two nodes cluster ISE 3.2 patch-5: node 1 is ISE-PAN-PSN and node 2 is ISE-SEC-PSN and both nodes also function as PSN. For the past few days, I received the following emails that the smart licensing renew success but it is being sent from...
I am working on renewing my ISE licenses. I was tasked to see how many devices we are authenticating to determine the tier we need to purchase. Looking through the endpoint dashboard I have a high count of devices. There are a lot of entries that a...
