Network Access Control

I am working on an upgrade for a client to go from ISE 1.3 to 2.1.  We actually stood up a parallel deployment running 2.1, restored data and now are working on migrating over to it.  We have new VIPs setup on the F5 for the 2.1 deployment.My questio...

HelloCan we monitor the existence of a Posture policy? I mean, what posture rule are enabled or not enabled. Can we get this info from snmp queries or another monitoring tools, maybe API?We need to monitor the existense of posture rule automatically.

Hi Team,I have a customer who is adding his guest users into registered endpoints group as part of their CWA flow. Later on based on if the MACaddress is part of this registered endpoint group they are provided access.Here are the authz rules :When u...

Hi,In a project, we are using 802.1X with EAP-TLS and are trying to differentiate access based on certain details in the client certificate.I am trying to understand whether we should look to have those specific details in the certificate as value of...

Hi,does anyone has a configuration example in order to use ECC ciphers with ACS 5.8. I noticed patch 4 support ECC for AAA flows, but i am looking for a guide and/or example in order to use it for EAP-TLS authentication.thanks in advance!Best Regards...

Hi,  I've got an interesting request from a customer today.  They are using their guest portal for both regular guest users and employees. They would like the employees to connect only once to the portal and then be connected automatically... easy, y...

Hi Team, Do we have a step-by-step migration guide from a standalone to a fully distributed deployment model?How can we separate Admin and Mnt personas if we want to keep the existing logs?Do I see it correctly that we should separate the Admin perso...

Hi AllI am little confused on the port number 8905 for ISE communication, can you help meThe administration guide says the ISE node is discovered on port 80 first & then on port 8905. If the port 80 discovery goes fine, will the anyconnect still try ...

Hi Team, Could you please let us know how quickly ISE gets an update about patches if, for example,Microsoft is publishing a new patch?I guess, this depends on OPSWAT, and I see ISE can initiate an update in every hour from backend system, but I cann...

All,The attached picture is of an endpoint in my customer's system.  You can see that the endpoint has been in there for 600+ days but the inactive days is 0.  There is no selected authorization profile so most likely this device has never authentica...