Next year we need to migrate our deployment (2 ISE 2.7 on SNS-3515) to new hardware and newest version.My plan is to install new hardware, add it to the existing deployment and remove the old ones.I was searching for some information about compatibil...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Hi, we have several Cisco 3850 switches (WS-C3850-48P) that are all experiencing the same issue with various devices. We have printers and laptops that take several minutes to obtain an IP address. Sometimes the radius server sees the devices succe...
After I configure the Network Policy server I have this problem.When I remove the exec authorization local I can't get in Password required, but none set% Error in authentication.SWITCH>I have seen some suggestion to remove the framed-Protocol = PPP ...
Resolved! ISE Posture - No Policy Server Detected
Hello guys,I'm deploying the ISE posture policy and I run into the AnyConnect Posture return "No Policy Server Detected" as shown below. The switch and machine are able to reach to the ISE ip and dns name.I created the ISEPostureCFG.xml file and save...
Resolved! ISE multiple EAP certificates support
Can I have different policies point to different certificates for authentication with EAP? when I try to create a different EAP certificate I get a message saying that the already available EAP certificate will be replaced. If this is not supported a...
Hi For ISE BYOD the certificates are issued and stored internally on ISE. On ISE the BYOD certificate template only allows the Common Name for the certificate to be the UserName.My users credentials are hosted on an LDAP server so when the user is on...
Resolved! ISE binary comparison
Hi all, I am using ise 2.4 with windows AD for my environment's 802.1xI am using both user and machine cert authentication. I have also enabled the option "always perform binary comparison" for both my user and machine cert authentication profile. Wi...
I recently worked with a customer that is deploying Juniper EX switches with their existing ISE 2.6 cluster for NAC. We found that the currently available Network Device Profile for Juniper EX switches did not provide the ability to perform CoA actio...
Hi all,I try to understand a concept of the Cisco TrustSec system.On a network, I always used (until now) the binding of SGT to VLAN: this work well.For now, I want to go one step further and to statically bind some specific IP to an SGT.For example:...
Hello,I would like to configure several guest/sponsor portals on my Cisco ISE deployment and use them as a result in authentication policy for guest SSID (different sponsor/guest portal depending on location, WLC etc.). Just to make sure: I can crea...
Hi everyone.I'm working on a project to setup captive network. Therefore, for a user to connect, we redirect them to a login page where the url-redirect=https://example.com/login.html?client_mac=<<user's client mac address>>On the url-redirect config...
Resolved! Login to ASA with Enable Mode
I've seen some posts on the forum regarding the use of AAA to login to an ASA in enable mode. I'm using a Server 2008 R2 NPS server, and I can successfully login. However, I'm using the NPS server to send back the Cisco AV-pair for 'priv-lvl=15'. ...
ISE 3.2 patch 3 Windows 10 Wireless supplicant with wlan auto-config running but authentication missing. Has anyone ran into the issue where the Windows 10 wireless supplicants auto-config services is running/auto but the authentication tab is missin...
Hello,We've recently deployed new site and we would like to enable dot1x authentcation on all access ports. The point is that we've got some IoT devices (such as attendance systems and access control) that do not support EAP-TLS or PEAP and do not ha...
Resolved! Cisco ISE 3.X and TLS 1.2
Due to a vulnerability scan, I am tasked with upgrading the TLS version on multiple hosts, one being ISE. Does ISE 3.1 support TLS version 1.2 or 1.3? I can see in the security setting in ISE I am only given the options to allow TLS 1.0 and TLS 1.1 T...
