Network Access Control

Question on Posture Remediation

Dear all,My customer is asking if they can use ISE for posture assessment and enforce below.- Check local firewall status (or enable it if necessary)Using WMI script? Do we have any sample script?- Disable wifiUsing WMI script? Any sample ...

ISE with Pre-Auth ACL

Without a Pre-Auth ACL, dynamic VLAN push and DHCP play nicely togetherWith a Pre-Auth ACL allowing DHCP, the dynamic VLAN push works OK but the devices don’t re-DHCP.So is a configuration with a port-based Pre-Auth ACL that allows DHCP and a subsequ...

Resolved! Question related to ISE certificate

1. Where does the endpoint certificate store if it is issued by ISE? (PSN/ADMIN node)2. What is the maximum number of certificate can be stored in ISE node group/per PSN?3. What can be done if the number of endpoint certificate reach maxi...

Resolved! ACS 5.2 does not check Active directory changes

Hi all,I am working with ACS 5.2 and using Radius authentication for vpn client.The authentication method used is Active Directory in an Windows enviroment with multiple domains in the same forest.My problem occurs when i change a user from one group...

Convert SNS-3595-ACS-K9 to 3595 for ISE

We have a customer that bought 2 x SNS-3595-ACS-K9. The partner is now going to deploy ISE and are realizing that the wrong 3595’s were ordered. Is there any way to convert the ACS software/license to ISE? Or do we have to RMA and re-order. Challenge...

Cisco ISE : linking a sponsor with a sponsor email

Hello, I have an issue with ISE 1.4. We have added a connection to our Active Directory, targeting Domain Users, such that any valid AD user can be a sponsor on the sponsor portal. We have also enabled auto-sponsoring, such that a Guest can provide a...

NAC Agent failure on secondary ISE server

Hi Guys, I have ISE 1.2 primary and secondary setup. NAC agent is working fine on the primary but as a test when I take the primary down to check if secondary will take over, NAC agent doesn't pop up at all. I did some troubleshooting:- HA setup is f...

Resolved! 802.1x with logon script

Hello, Before setting the 802.1x with ISE.The user logon with a script for mapping the network drive. We deployed the 802.1x with ip phone and PC successfully, however the logon script is not working now. Any required step to make the logon script w...

Resolved! Can't create an authorization policy on ACS5.8

Hi there,I am trying to create a network access authorization policy under 'Access Policies' on ACS5.8. But 'Create Above' and 'Create Below' Button is dim, not able to do it. What could be the issue?The installation is on ESXi5.5 as a VM. I login as...

ACS 5.3.40 is there patch available to support TLS 1.1 and 1.2 regarding SSL termination?

Hi,We are trying to reduce our susceptibility to SSL BEAST information disclosure vulnerability regarding our ACS 5.3.40 system.It's been suggested that we consider some defensive measures such as cipher suite selection.Wherever possible, we should ...

Resolved! ISE 2.0 HA Authentaication and authoziration

Hi , I have 2 ISE nodes, 1 Node is primary and other one is secondary. As per my understanding only the primary node should authenticate and authorize the endpoint. But in my case, i see both node are authenticating and authorizing the endpoint. kin...

Cisco ISE Profiler update broken following upgrade to 2.1

Recently upgraded my lab environment from 1.4 to 2.1 and the Profiler feed updates are failing with the below error:FeedService test connection failed : Feed Service unavailable : ConnectException invoking https://ise.cisco.com:8443/feedserver/feed/s...

vlan per AP Groups

hi guys,what is the attribute to use in ISE to assign a vlan based on AP Groupsthanks

Permissions required for ISE Posture remediation

Hello folks, I would like to know if the ISE posture remediation, like windows patches updates or AV updates can be installed on endpoint when the user is logged in with non-admin account. (Updates/remediation, not posture agent launch.)I'll be appre...

Resolved! ISE Licensing for Endpoint question.

I understand from the ISE Ordering Guide how a Base license, Plus, Apex license are consumed from Table 7. I am trying to better understand the concept of an endpoint and license need to be purchased to properly support the deployment.Given:(1) 100 ...

Network Access Control

Forum Posts

Question on Posture Remediation

ISE with Pre-Auth ACL

Resolved! Question related to ISE certificate

Resolved! ACS 5.2 does not check Active directory changes

Convert SNS-3595-ACS-K9 to 3595 for ISE

Cisco ISE : linking a sponsor with a sponsor email

NAC Agent failure on secondary ISE server

Resolved! 802.1x with logon script

Resolved! Can't create an authorization policy on ACS5.8

ACS 5.3.40 is there patch available to support TLS 1.1 and 1.2 regarding SSL termination?

Resolved! ISE 2.0 HA Authentaication and authoziration

Cisco ISE Profiler update broken following upgrade to 2.1

vlan per AP Groups

Permissions required for ISE Posture remediation

Resolved! ISE Licensing for Endpoint question.

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Default Route SGT

PX Grid Connector and Service NOW

ISE Posture: secure client stops posture synchronization

Posture Script Condition–Fails to Connect When SHA-256 Fingerprint Add

Cisco ISE Counter for Authenticated Guests does not count up

Preparing the SNS 3615 for ISE 3.4 upgrade

BeyondTrust Remote Support dACL

SWITCH LOCAL USERS Failed auth when Server ISE is UP

Dynamic Vlan -Voice using Cisco ISE