Network Access Control

Authorize User Based on LDAP Group - ASA SSL VPN

Dear All, Am trying to authenticate VPN users based on LDAP group. Users in TEST-ACCESS group policy will be provided vpn access. rest should be denied by default policy NOACCESS. However, when i try only default policy is matching. the grp policy ...

Resolved! Audit trail for guest users

Hi Team,I have a customer who is adding his guest users into registered endpoints group as part of their CWA flow. Later on based on if the MACaddress is part of this registered endpoint group they are provided access.Here are the authz rules :When u...

Resolved! Performance difference between "matches" and "contains" conditions

Hi,In a project, we are using 802.1X with EAP-TLS and are trying to differentiate access based on certain details in the client certificate.I am trying to understand whether we should look to have those specific details in the certificate as value of...

How do you turn off aaa authentication/authorization on a console port?

I have aaa running on my router but do not want it on the console port. How do I turn it off

Resolved! ACS and ECC ciphers

Hi,does anyone has a configuration example in order to use ECC ciphers with ACS 5.8. I noticed patch 4 support ECC for AAA flows, but i am looking for a guide and/or example in order to use it for EAP-TLS authentication.thanks in advance!Best Regards...

Resolved! Guest portal: How to restrict employee access to only specific AD group?

Hi, I've got an interesting request from a customer today. They are using their guest portal for both regular guest users and employees. They would like the employees to connect only once to the portal and then be connected automatically... easy, y...

Resolved! Migration from standalone to fully distributed deployment

Hi Team, Do we have a step-by-step migration guide from a standalone to a fully distributed deployment model?How can we separate Admin and Mnt personas if we want to keep the existing logs?Do I see it correctly that we should separate the Admin perso...

Read-only user via AAA Radius

Hi Team, I have Cisco ASA and earlier it was having local users without AAA enabled. So we have admin users and few Read-only user. Now I have configured AAA with Radius server on it. And my users are added on Radius server to authenticate. Issue is ...

Cisco ACS 5.6 - Top N Authentications By User Radius Issue?

Hi. When I try to get the "Top N Authentications By User Radius Today" everything works fine but Yesterday, Last 7 Days and Last 30 Days return no results. Even Range dates which include today won't work... Adding to this is the fact that if, tomorro...

Resolved! ISE ports

Hi AllI am little confused on the port number 8905 for ISE communication, can you help meThe administration guide says the ISE node is discovered on port 80 first & then on port 8905. If the port 80 discovery goes fine, will the anyconnect still try ...

Resolved! Posture update info

Hi Team, Could you please let us know how quickly ISE gets an update about patches if, for example,Microsoft is publishing a new patch?I guess, this depends on OPSWAT, and I see ISE can initiate an update in every hour from backend system, but I cann...

Resolved! Purge/Inactive Days Idea of Purging

All,The attached picture is of an endpoint in my customer's system. You can see that the endpoint has been in there for 600+ days but the inactive days is 0. There is no selected authorization profile so most likely this device has never authentica...

Resolved! Support for VRF Aware HTTP Redirection for Guest/CPP

Hello,Trying to get Guest/CPP redirection working on a 3850 running 03.07.05.E. My .1x client VLAN is using a VRF and I can access the URL if I manually enter the redirect URL, I just cant get it to automatically redirect. I came across this from a p...

Resolved! ISE Capacity planning

What are the parameters other than CPU, Memory and Storage that should be monitored on Cisco ISE in order to do capacity planning effectively. Currently ISe 3395 with version 1.4 is active in the production environment in distributed deployment mode.

ISE 2.0 CPU alarm

Hi, I recently activated the alarms in ISE 2.0 and seems to work fine. But I´m receiving an "High Load Average" alarm I cannot undertand. The description says: Description : The ISE system is experiencing high load average.The load average number rep...

Network Access Control

Forum Posts

Authorize User Based on LDAP Group - ASA SSL VPN

Resolved! Audit trail for guest users

Resolved! Performance difference between "matches" and "contains" conditions

How do you turn off aaa authentication/authorization on a console port?

Resolved! ACS and ECC ciphers

Resolved! Guest portal: How to restrict employee access to only specific AD group?

Resolved! Migration from standalone to fully distributed deployment

Read-only user via AAA Radius

Cisco ACS 5.6 - Top N Authentications By User Radius Issue?

Resolved! ISE ports

Resolved! Posture update info

Resolved! Purge/Inactive Days Idea of Purging

Resolved! Support for VRF Aware HTTP Redirection for Guest/CPP

Resolved! ISE Capacity planning

ISE 2.0 CPU alarm

ISE 802.1x Authentication Failure - 12535 The EAP-TLS session ticket

PassiveID problems

CSCwp21394 - wired nads failing CTS with error

CSCvv82262 - ISE 3.3 menu missing

ISE Machine / User Authentication Questions

ISE failed to join Active Directory: Error_Access_Denied, How to Fix?

ISE 3.2 on VMWare - becomes a brick after trying to upgrade to 3.3

Cisco ISE

Query on Cisco ISE 3.2 patch 9

Upgrading ISE-PIC for FMC