Network Access Control

Dear All, I have configured the SCP on Cisco routers and switches, enable the below command for SCP as per below article. aaa authorization exec default group tacacs+ http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_ssh/configuration/xe-3s/a...

I'm dealing with ACS 5.7 and mobile APN authentication with RADIUS protocol. I would add the RADIUS attribute calling-station-id included into the Access-Request as authentication element. So that the user authentication is based on username/password...

Hello, Since yesterday I've been getting some High CPU alerts from our ACS appliance. We have a 5-7-0-15-1 version, but I havent been able to identify what is consuming all the CPU. Does anybody know how to identify what is consuming the CPU in this...

Hello Cisco forum, I'm new to the Forum, and I'm having some difficulty getting my 7921's connected to an 802.1x \ EAP-TLS SSID. I can generate the CSR on the handset, and then get the output into the web page of a windows cert server to generate t...

I am considering deploying OCSP in ISE v1.4. Is there way that ISE v1.4 can send notifications or alarms on the status of OCSP to an email address? If so, what are steps to set it up? I didn't see it in any of the ISE user or admin guides for v1.4.

Hi dears , I have a question regarding to ISE ,I have deployed ISE 2.0 ,now I am testing it ,now I haven't added any MAC addresses for MAB ,under the interface here is the config. int gig 2/0/1 switchport access vlan 100 switchport mode access swit...

Dot1x works until a switch is reloaded, afterward ports do not re-authenticate until they are bounced again, or endpoint is rebooted (NIC bounced) Looking at logs with TAC they say the host is not responding (windows box) but why would bouncing the p...

after power failure cisco ise nodes had wrong time (+1 hour from normal) 1 node took right time from ntp server, but on second we found such messeges in log: 2015-11-22T12:27:48.976206+03:00 ise1 ntpd[2224]: synchronized to 10.19.2.1, stratum 1 2015-...

Hi Team, Good day.  I have been trying to generate a CSR from a ISE but whenever the page is accessed I am getting the attached error message.  This ISE is the secondary unit and I am not having any issues on the primary unit when trying to access ...

Hi all I am trying to deploy a new eap chaining authentication for machine and user authentication with certificate.   Tunnel EAP_FAST and authentication EAP_TLS   I would like to perform 4 policies: Machine and user has the certificate: It is worki...

Hello,i´m using ACS5.5. NEAT work fine. Is there a possibility to add a command when the port changes from access to trunk? Because cdp is not enabled when it is an access port. But when it changes to trunk i would like to enable cdp.Jan 17 11:39:09....

Hi everyone, I have problem when upgrading my ACS form 5.2 to 5.4 using Application Bundle I transfer using FTP Server. when it is done the message appear like this. Saved the running configuration to startup successfully% Manifest file not found in...

refer : http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_23_transitioning_monitor_mode.pdf in page 10 "The limit of dACL support for Cisco switches is 64 ACEs (64 lines)."  -> 64 lines acl is mean per inter...

Hello,I just upgraded to ISE 1.2 and lost access to my two repositories. This was expected. I was able to get one of my repositories back by deleting and recreating it. I created it in the GUI and then ran the command "crypto host_key add "IP address...