Network Access Control

Resolved! ACS 5.3 compatibility with functional level

Hello everyone, I have a question about ACS compatibility. I saw that ACS 5.3 is not compatible with AD 2012, but is it compatible with AD 2012 directory configured in functional level 2008? Has anyone tried ? Authentication is ok ? Thanks for your ...

Resolved! Downgrading ISE OS versions

I'm planning to upgrade from ISE 1.2 to ISE 2.0. Part of the plan I'm required to include is a backout plan in case the upgrades fails. If that's the case, then I need to revert back to ISE 1.2 and ensure everything is returned to it's original state...

loadbalancing the traffic among 3 PSN behind netscaler VIP

Hi All , I have a ISE distributed deployment (VM) with 19000+ endpoints and 11k clients connection . I have three PSNs behind VIP from citrix . Below are set up details 1) according to me , it is best to have 32 GB of RAM and 8 cores of CPU for eff...

ISE 1.3 GUI Portal RSA 2 Factor Authentication

Hello My customer wants to use RSA 2 factor authentication to authenticate into ISE admin portal. I have imported the sdconf.rec file already and change authentication to RSA SecurID under admin access. When I go under an admin group I am not able to...

Getting "The remote server returned an error: (400) Bad Request." error when trying to connect to Cisco ISE 2.1 using ASP.NET MVC Application to consume Guest REST API

Hi All, I am new to the Cisco ISE 2.1 and trying to build an ASP.NET MVC 5 application that will create Guest Users using the Guest REST API. While I am trying to get user details (created using sponsor portal by sponsor user "vspl"), I am able to g...

5417 Dynamic Authorization failed

Hi guys, Does anyone meet this Radius Error in Cisco ISE 1.2 and the switch 2960 12.2(55)SE7 ? When i reauthentication the guest profile to the other profile using Radius CoA on the Self-Service Guest Workflow. The error is :Event5417 Dynamic Authori...

Resolved! Alarm for load on PSN for concurrent authentication sessions

We need to find a way to generate alarm if a PSN reached its threshold maximum concurrent sessions of 20K.Does MAX_AUTH_ATTEMPTS below corresponds to concurrency in a PSN or it is an average over 10 or 15 minutes ?Would like to hear how people are m...

Where to find owner of device registered in mydevices?

We are testing the mydevices portal to let students register their devices for use on wireless. When I search for my mac address I am testing with, I do see that it is in the correct endpoint group. However, I cant seem to find any owner info. There ...

trouble adding wildcard cert

ise 2.1 i'm trying to add a wildcard cert. was told i would need to get an exported cert and key from the non-ise server that was used to get the wildcard cert. i received 3 files: the ca cert (ca.crt), the wildcard cert (abc.crt), and the key (def....

in ISE 2.X how do you delete a single MAR cache entry?

Anyone know how to manually clear an endpoint in ISE 2.1 so that it will not be recognized in ISE as having a valid MAR entry? we're testing a new ISE 2.1 cluster for production deployment. I am mainly using virtual machines and a plethora of USB ne...

Mapping Reply-Message radius attribute to ACL rule stored on ASA

Hi everybody, I'm trying to figure out how to 'activate' ACL rule on ASA FW based on Reply-Message (or other supported) radius attribute we receive from our Radius server. The ideal working scenario is: We have a number of employees assigned to dif...

Resolved! ISE TACACS Authentication - log in before deciding if you should have access

I'm in the process of moving away from Cisco ACS to Cisco ISE version 2.1 for TACACS control of my network devices. I've opened up a case with TAC but the response I got seem counter intuitive and I'm hoping for either verification of this is now th...

Resolved! ACS as Identity Store to ClearPass/Forescout?

Is there anything special needed to add an old version of ACS (using it's internal database) as an Identity store of users to Aruba's ClearPass or Forescout? Want to do a simple transition of using the already setup accounts in ACS, but try some oth...

12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificate

Hi guys, I have root CA and intermediate CA in ISE local certificate store trusted for client authentication.I have imported both root ca and client certificate in the device I want to authenticate, but ISE keeps spitting out this error :12520 EAP-TL...

Resolved! Migration from 3315 to to SNS 3415 Appliance

I have a customer with ISE 3315 with software release 1.3 four pieces running, Two nodes(Active-Active) for Policy and Two nodes(Active-Standby) for Admin. He has purchased a new four(4) appliances 3415 with software release 2.0 purposely to replace ...

Network Access Control

Forum Posts

Resolved! ACS 5.3 compatibility with functional level

Resolved! Downgrading ISE OS versions

loadbalancing the traffic among 3 PSN behind netscaler VIP

ISE 1.3 GUI Portal RSA 2 Factor Authentication

Getting "The remote server returned an error: (400) Bad Request." error when trying to connect to Cisco ISE 2.1 using ASP.NET MVC Application to consume Guest REST API

5417 Dynamic Authorization failed

Resolved! Alarm for load on PSN for concurrent authentication sessions

Where to find owner of device registered in mydevices?

trouble adding wildcard cert

in ISE 2.X how do you delete a single MAR cache entry?

Mapping Reply-Message radius attribute to ACL rule stored on ASA

Resolved! ISE TACACS Authentication - log in before deciding if you should have access

Resolved! ACS as Identity Store to ClearPass/Forescout?

12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ISE local-certificate

Resolved! Migration from 3315 to to SNS 3415 Appliance

FQDN Migration, AD Re-join, Wildcard Certs for Redirectionless posture

Warning : ISE is experiencing latency issues, please check your networ

CSCwp21394 - wired nads failing CTS with error

CSCvv82262 - ISE 3.3 menu missing

ISE Machine / User Authentication Questions

How to aggregate multiple DAP ACLs on FTD 7.4 using ISE Posture?

Deploying an ISE Virtual Machine

ISE 3.2 P7–Context Visibility reset impact

Cert Authentication Profile in ISE

switch to the secondary PAN node