Network Access Control

Resolved! ISE troubleshooting with CLI and log files

Hi All,I'm looking for some assistance please. I'm struggling to find a table which details what each log file's purpose is on the CLI. For example:What log files must I look at to troubleshoot active directory issues?What log files must I look at to...

Resolved! ISE/Active Directory connection info

Can we get the information located in the TechZone link below updated (if needed) for ISE 2.x and posted to the community? Customer was looking for this type of information and did not have access to the TechZone article.https://techzone.cisco.com/t...

ACS end-user authentication to Active Drirectory OU

I'm running ACS 5.5. I have end-users logging in from ASA VPN or Wireless Lan Controllers that hit ACS via RADIUS for authentication. ACS is joined to my Active Dreictory domain to actually authenticate/authorize the end-user connection. Everything ...

ISE & Guest Portals

We have a situation that we are trying to get a handle on, so I thought I'd post here. We are running ISE 2.1 patch 3 and or common switches are 3850s running 03.07.04E. We have six PSNs, and two masters and loggers. Two of the PSNs are dedicated ...

Resolved! Reauthentication timer max value

Hi all,What is the maximum value of the re-authentication timer in the authorization policy for RADIUS i can set?I haven't find anything in documentation.Thanks!smaikol

ACS 5.2 with OpenOTP RadiusBridge as External Radius Server

Hi all,Looking to see if anyone has experience getting RadiusBridge/OpenOTP to work as an external Radius server with Cisco ACS 5.2? We are looking to configure MFA using OTP token and test user defined on external OTP server. On OpenOTP server side ...

ISE upgrade 1.3 to 2.1 issue

Hello experts, I am trying to upgrade the ISE version from 1.3 to 2.1. 1. download the new ise version "ise-upgradebundle-1.3.x-and-1.4.x-to-2.1.0.474.x86_64_old.tar.gz" did the MD5 checksum and its showing diff then what cisco mentioned.... Cisco ...

Tacacs+ authentication and authorization fail with NXOS

I am trying to configure TACACS+ authentication and authorization for NX-OS (Nexus 7706) 7.3(0)DX(1) Configuration on Nexus's are the following : aaa group server tacacs+ tacaaa authentication login default group tac noneaaa authorization config-co...

ISE 2.1 Patch 3- Dashboard Metrics Blank

We recently upgraded from ISE 1.4 to 2.1 an applied Patch 3. We have a 2-Node Deployment. Since the upgrade, the dashboard metric for Active Endpoints and Authenticated Guests are blank showing zero. I have TAC case open, but was wondering if any...

Resolved! Validating AnyConnect Identity Extensions (ACIDex) attributes against external DB

Hi all,does someone know if it is possible to validate AnyConnect Identity Extensions (like device ID) against an external DB? I know it's possible by using ASA DAP, but customer would like to do it centrally on ISE. Could not find a way (tried to do...

Resolved! Can we use different interface(non-management interface) on ISE for web-logon portal

Can we use different interface(non-management interface) on ISE for web-logon portal? Customer is now setting up ISE2.2 for their environment (for dot1x / Webauth with switches)… .. They are using single IP-address ( management VLAN) -which is not ac...

Cisco ISE 1.3: No Data Available in System Summary

Hi Team, May I know your insights regarding our ISE with version 1.3.0.876. Its Sytem Summary dashlet does not have any data and when we tried to connect a 802.1x device for authentication there was no report generated under Operations>Authenticatio...

ISE - Since enabling Profiling, authentication to Internal User DB fails

Hi, I have a policy rule that to permit access to a device matching a specific device type, which then used a local Identity from the Internal Users DB for authentication. This was working fine until I enabled Profiling service (RADIUS) on the PSN. ...

Cisco ISE CRL fails to download

Using ISE 2.1 patch 3, I have a CRL with spaces tried both https and http and the correct permissions are on the url, full accessible with domain and non-domain workstations/accounts http://pki.companyname.com/pki2016/company%20name%20PKI-PROD%20Iss...

Resolved! ISE REST API Query

Hi Experts,A customer of mine is trying to integrate their home grown Identity Management system with ISE via REST API's. They want to test passing MAC address info to the ISE Database using the API's. The developer has come to me asking for the belo...

Network Access Control

Forum Posts

Resolved! ISE troubleshooting with CLI and log files

Resolved! ISE/Active Directory connection info

ACS end-user authentication to Active Drirectory OU

ISE & Guest Portals

Resolved! Reauthentication timer max value

ACS 5.2 with OpenOTP RadiusBridge as External Radius Server

ISE upgrade 1.3 to 2.1 issue

Tacacs+ authentication and authorization fail with NXOS

ISE 2.1 Patch 3- Dashboard Metrics Blank

Resolved! Validating AnyConnect Identity Extensions (ACIDex) attributes against external DB

Resolved! Can we use different interface(non-management interface) on ISE for web-logon portal

Cisco ISE 1.3: No Data Available in System Summary

ISE - Since enabling Profiling, authentication to Internal User DB fails

Cisco ISE CRL fails to download

Resolved! ISE REST API Query

Default Route SGT

PX Grid Connector and Service NOW

ISE Posture: secure client stops posture synchronization

Posture Script Condition–Fails to Connect When SHA-256 Fingerprint Add

Is it possible to use "PostureOS" attribute in ISE Profiling Policy

ISE Dot 1 X Authentication

Problem with PSN ISE node (error 5405 Radius session drop)

Update DNS in ISE really this hard/bad?

ExternalGroups in REST ID (Azure AD) in Authorization Policy

ISE TACACS log backup restore