Network Access Control

Ive setup accounting with ACS 5.3 so I can see when an admin logs in. This level uses AD for authentication. When going to enable mode it uses the local account and the username changes to enable_15 in the logs. is there any way to retain the origina...

I manage an equipment demo network accessed via the old Cisco VPN Client.  Last night the router seems to have become the subject of attacks that overload the remote access in such a ways as to deny legitimate remote access.  No unauthorised remote l...

I have two ise VM nodes: 1.primary(primary administration, policy and monitoring personas) 2.secondary (secondary administration, policy and monitoring personas) how many license must I buy? one license for primary or need two license.?

Have customer that is using a 3rd party radius server to determine LDAP group membership as an attribute to see if VPN access is authorized before authenticating against an OTP.Sequence is as follows:User connects with username and OTP password, VPN ...

I recently upgraded my ACS from 5.6 to 5.8 with the latest patch installed.  Since then, it's been unable to retrieve user group attributes from Windows AD, which effective breaks all my authorization policies.  -The ACS-AD connector account belongs...

Hi Experts, I am having an unusual problem with our customer's ISE. Two days ago, some of the users authenticating via wireless network and is receiving a password expired error.On the ISE logs, I can see the following:"24473 - The user's password ha...

I am trying to move to closed mode with ISE 2.1. The switches are running XE 3.6.4. Only the RADIUS probe is enabled in ISE because I am using device sensors on the switch. The issue I'm running into is that Avaya IP phones that use LLDP are not bein...

I can see the source:unknown recorded in for any authentication logs and i expect it to be source:IP address of the actual source. It is working fine on other switch versions, can any one of you confirm if this is expected and how to fix it?

Hi community, I'm into this issue where I configured ISE 2.0.1 no patch with anyconnect nam eap fast and nac agent. Not using ac posture because of licensing. So, everything works ok, client provisioning and agent does pop up correctly and it takes a...

I have one Cisco ISE license for primary and secondary ISE device, and these two are in HA mode. both ware deployed in a VM. My question is, I'd like to place one cisco ISE in headquarter(primary one) and place the another cisco ISE in another buildi...

Hi all, I am trying to migrate Cisco ACS 4.2 to ACS 5.8 and i have few problems with importing all of the users from the old ACS to the new one. Let's say that every user is a phone number and in the old ACS every user has its own ip address, when i ...