Hi,I'm working on an ISE-implementation and use ISE results for pushing interface templates to the switchports. This to keep the switch/interface configuration at minimum and only have configuration what is needed for the specific devices that will b...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Resolved! ISE / IBNS 2.0 - authentication open
Is anyone doing IBNS 2.0, or is everyone sticking w/ the legacy "authentication" commands that have been available like forever?We're looking into IBNS 2.0 to take advantage of its critical ACL feature that's not available in the legacy auth-manager ...
Hi Guys, I'm installing ISE 1.2 on the network and when testing with few machines, some of them reported "errdisable" status on the port after applying the .1X configuration. The config for the port I have is:switchport access vlan 10switchport mode ...
Hello, everyone!Can someone explain how the switch decides whether to use the primary or secondary PSN when sending Tacacs or Radius authentication requests? It depends on how the switch is configured or something else.Thanks Thanks
Hello,As part of a project, I need to implement 802.1X within my company. Therefore, I have set up a physical lab consisting of 2 switches and two PCs:- Two Cisco Catalyst 2960 Series switches with Cisco IOS® Software, Release 15.0(2)SE5- PC with Mic...
Hi, on ISE 2.7.0, would it be possible to get a report of the number of active devices on Cisco ISE in the last 30 days?The report should indicate the maximum number of devices seen/authenticated for each day.I tried on the available default reports ...
Dear Community Support.1. I have a need for only a Wired NAC, no wireless or Mobile Device Management. I am trying to understand /clarify what licenses I need to procure.2. I will be deploying two PAN Nodes in a central Data Centre - Primary and Seco...
Hi Cisco ISE admin folks,is there a way to force users to use LDAP insted of local users, as long as LDAP can be reached?How are you enforcing this? (*) I see that this policy can be specified in the web GUI, but there is also an option in the CLI wh...
Resolved! Default Route SGT
Hi all;Based on the following discussion, we can assign 0.0.0.0/0 to SGT Unknown (0/0000) for Internet traffic (any traffic that does not have any explicit assignment):https://community.cisco.com/t5/network-access-control/using-sgt-which-sgt-should-i...
I am getting the error below when trying to configure WMI. I almost get a similar error if I try to deploy the agent instead, i.e. remote copy failed to set credentials. I am using a domain admin account and I didn't see anything obvious when I tur...
Hi ExpertsRecently we upgraded Catalyst c9200-48P to 17.9.04a which is the recommended version.But the strange is that it seems the radius authentication failed when login to SSH by Putty.Before upgrade, it is working, when login by an AD account, it...
Resolved! Cisco ISE Migration from 2.4 to 3.1
We currently have ISE- 5 node cluster with 2 node for PAN and 3 nodes for PSN and currently running 2.4 version.We need to upgrade to 3.1 which is currently the suggested stable release.All integrations like AD, SMS gateway etc are active on the curr...
Resolved! Operational Issues in Wired 802.1x
Hi All,I have started building policy sets in ISE w.r.t wired 802.1x and mab in ISE and have configured switch for the same. But couldn't make the auth success.Switch logs:-*Feb 21 10:47:54.751: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication ...
Perhaps this will save anyone out there some frustration when using ISE 3.2 or later. The BU decided to rename a bunch of commands that were inherited from the classic Cisco IOS world, and which are deeply ingrained in our brains. It caught me out an...
Hi all,I am in the process of configuring corporate WiFi with the following setup:ISE 3.1 with a premium license, and a WLC Catalyst 9800-LWindows 10 laptops joined to a domain, featuring duo authentication without user certificatesThe laptops are eq...
