Network Access Control

I have a question regarding a new ISE deployment that will be integrated with DNAC. It's greenfield deployment for both ISE and DNAC. The recommended version for DNAC is 2.3.5.5, and after checking the compatibility table with ISE, version 3.2 p5 is ...

Sirs,I had doubts about a problem.The client does not have a GPO for Wireless, which is why we use the machine's certificate to validate access.We create an identity using the certificate and configure the policy set to check TLS first; Then the User...

Hello,Structure, - domain network- dynamic VLAN assignment (Microsoft NPS) but for some testing purpose in the example below is used static vlan assignment - Catalyst access switches (C2960X C9200)- "local domain joined" computers (dot1x authenticati...

Dear Community, To prevent from Cyber Attack / advanced attack we are checking to enhance more security with ISE. Hence, we would seek your  support and advice how to tuning stronger defend and how to detect/blocked/dropped for untheorized devices ( ...

Dear All,I have multiple vlans in my core switch along with VLAN A in my Core switch and only this vlan A is extended to a DMZ downstream switch. VRF is created for that VLAN A in downstream dmz switch and route is pointed to VLAN A;s SVI of core swi...

I need to prevent a Cisco 2960 switch from sending accounting information that is not related to 802.1x session to a radius server. Currently, I have the switches configured with radius authentication and accounting, but it is not enabled at the inte...

Hi All,I'm facing an error from ISE 3.1 version that "Backup failed to copy to repository failed".SFTP server account password expired and we have done the password reset.Will this would be an issue that backup can be failed? Will this issue can be s...

Hello,since we've updated ISE to 3.3 p2 we have some Problems with snmp v3.on the prod devices (SNS 3615) it was ok after Firmware Upgrade, but on the Test (VMWare) I can get snmp v3 to work:snmp-server enable snmp-server contact some-adress snmp-ser...

We are trying to implement Agentless Posture ( ISE 3.1 Patch 8 ) in our environment. However, there are some concerns that are raised by risk assesment team regarding some of the configurations. 1. Why the account configured for posturing (under Endp...

Dear Community, We use ISE 3.1 1. Primary Admin Node - DC Secondary site 2. Secondary Node and pxGRID Node - DC Primary site We are planning to perform test ISE functionality to ensure current Node can handle all sessions by disconnect for 1 of DC li...

hello, when i configure the sponsored portal and specify the URL for this portal, which IP will I put for this URL on my DNS to reach it ??

Dear Community, While ISE 3.x versions by default use TLS 1.2, so cannot find an option to enable TLS 1.3. To avoid the use of weak cipher of TLS 1.2, do you have any recommend /advice to keep it secure like protocols CBC, RC4,DES...or else? In case ...

Hello.There is a need that specific end clients can connect/authenticate(EAP-TLS) on RADIUS via specific NAS/Authenticators.It can be a 1:1(One end client allowed through a specific NAS only) or 1:Many(One end client allowed through multiple NAS) rel...