Network Access Control

ACS how to limit AD max user sessions

I have WLC (7.4) that uses 802.1x auth with our ACS (5.3)Our ACS connects to our AD as external identity.How can I limit the max sessions per AD usersAccess Policies > Max User Session Policy > Max Session User Settings-That would affect all my Acce...

Resolved! ISE 2.1 High Availability when using Third Party NAD DNS/DHCP Redirection

Hi GuysLooking through the (very useful) configuration guide (Configure Third-Party NAD Redirection on ISE 2.1 - Cisco) I see that the DNS/DHCP function is bound to a specific node in the ISE cluster/*The DHCP server pool is bound to a particular ISE...

ISE 1.3 issue with Catalyst 4500E (12.54)

Hi! I am new to ISE world. I have different Authorization policy based on computer and user. Once the computer start it will assign to vlan based on its security group membership. If a user login to same computer then second Authorization clicks in I...

ACS 5.7 - IP address included in the license?

Dear all, I have to change the IP address of a ACS 5.7 on a Cisco 3495 appliance.Is this possible without the need to replace the license file? Or what is the unique information that this license will work on this hardware?We have the base license a...

Resolved! max length for passing LDAP URL attribute content via Radius Reply-message

I have a customer wanting to use ISE to authenticate their remote-access VPN connections to their head end.As part of the access-accept message when it is sending radius attributes, they want to send the contents of the LDAP URL attribute to the head...

ISE redundancy/failover over distributed environment at different geographically locations.

Hi, I have a use case where i need to configure ISE at two different geographical locations: HO (India) and BO (USA). Requirement is, if the ISE server fails at US Branch, all the endpoints must automatically fail-over to HO (India) an...

Resolved! Guest: bypass sponsor approval based on email domain

Hello,My customer is asking if it is possible with self-registration with sponsor approval workflow to bypass sponsor approval if the guest registers with a specific email domain.Example:- @Domain.com (whitelist) --> bypass sponsor approval-...

AAA Authentication on Nexus 9372PX with ACS 5.8

Hello, I am facing an issue for AAA authentication of Nexus switch for AD users via ACS 5.8. Following is the configuration on Nexus: aaa group server tacacs+ ACS_GRP server 10.2.200.101 use-vrf management source-interface mgmt0aaa authent...

How do I Check Diffie-Hellman Allowable Key Sizes in ACS?

According to some discussion groups and Apple's notes, "OS X El Capitan will not connect to a server that allows negotiation with a 512-bit or smaller group." This applies to 802.1x supplicants as well. Consequently, we want to check what the minimum...

ISE 2.1 unable to register secondary node

Scenario: I have up and running ISE 2.1 appliance 3415. Its role is set to Primary. When I try to register other node as Secundary everything looks fine. I get the status Pending, but then it fails with error. I have reset-config to factory defaults ...

ISE multiple interfaces. Isolated Guest network

I'm working on getting ISE Guest authentication on a WLC working and ran into an issue. The guest network is on a totally isolated network from production. I was wondering if anyone ever setup ISE with one interface for management and one interface...

Cisco ISE 2.1 query Lotus Notes LDAP

I would like to integrate Cisco ISE with IBM Lotus Notes LDAP but I cannot find any example document in Cisco Web and others. I am not Cisco ISE 2.1 can query user information from Lotus Notes LDAP. If anyone has the example configuration or can co...

Multiple Bugs in ISE

Hi all; I'm working on ISE to learn security materials. recently I faced with some strange behaviors on ISE and found that all of them are unresolved bugs. if you have any idea on how to resolve them or you have any workaround, please let me know. ...

ISE licensing/upgrade question

Hi, A customer has ISE wireless upgrade licenses that are good until 2019. The ISE wireless licenses he has expire this month. Those licenses are End of Life so he cannot reorder these to make both term at the same time. In October, I was told he wou...

Resolved! ACS 1121 support 1 lac end devices

Hi, Anyone can please confirm that ACS 1121 supports 100000 device's? Or not from AAA perspective. If not how many devices are supported on ACS 1121. Customer is using ACS 5.5 in production. Regards,Hiten R

Network Access Control

Forum Posts

ACS how to limit AD max user sessions

Resolved! ISE 2.1 High Availability when using Third Party NAD DNS/DHCP Redirection

ISE 1.3 issue with Catalyst 4500E (12.54)

ACS 5.7 - IP address included in the license?

Resolved! max length for passing LDAP URL attribute content via Radius Reply-message

ISE redundancy/failover over distributed environment at different geographically locations.

Resolved! Guest: bypass sponsor approval based on email domain

AAA Authentication on Nexus 9372PX with ACS 5.8

How do I Check Diffie-Hellman Allowable Key Sizes in ACS?

ISE 2.1 unable to register secondary node

ISE multiple interfaces. Isolated Guest network

Cisco ISE 2.1 query Lotus Notes LDAP

Multiple Bugs in ISE

ISE licensing/upgrade question

Resolved! ACS 1121 support 1 lac end devices

Cisco ISE posture policy match orders

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Default Route SGT

PX Grid Connector and Service NOW

ISE Posture: secure client stops posture synchronization

ISE pxGrid client/server certificate creation and renewal

not able to export scheduled reports to repository

Mac Authentication Bypass (Credential Failure)

I have a question regarding the ise license.

Posture Policy for Wired & Wireless endpoints