Network Access Control

Hi,does somebody have an idea how to migrate users from ACS 5.4 to ISE?I tried with migtool, but it's telling me that migration from ACS 5.4 is not supported.However if I install older ACS 5.1 and restore a backup from ACS 5.4 then it fail because it...

We are running version 5.2.0.26.4 of Cisco Secure ACS. We are using it to control access to our wired network and only allow our Cisco phones and our domain computers on the network. We use MAB for the phones and dot1x for the PC's. The system works ...

We are trying to leverage XenMobile with ISE and have it added and it Test successfully.  Devices have already been enrolled into MDM, we are wanting to query the MDM to determine if the device is Registered, JailBroke, etc to determine access.  In t...

I have a Cisco Prime server (version 2.0) and an ACS server (5.6)I am using the ACS server to authenticate my users, via TacacsI have some of my users being authenticated as Lobby AmbassadorsI have used the bulk import to create a shell profile and t...

Hi ,I want to understand the scenario of Access point Authentication and LAN Authentication. I am able access internet & intranet, by providing my credentials of captive portal on  AP - SSID.Then, at the same time when i plug-in  the LAN Cable , and ...

I'm playing around with ISE 1.3 and the self provisioning flow.  I'm able to provision a Windows client, but an iPhone or iPad with IOS 7.1.2 gives me an "unsupported browser" error when I try to sign on.  I have an IOS client provisioning profile se...

Hello,i have an ACS 5.4 in use. The used Authentication Protocols are TACACS.When i want to authenticate a normal router 2921 with Mac-Address,i try to configure a  router 2921 on ACS5.4 to authorize ACS internal user,but the autehntication reject th...

Hello Community,i have some troubles about my VG202XM as dot1x supplicant. I have found some informations to configure a normal router as a dot1x supplicant. But this commands are not work.The tested way was:enconf tdot1x credentials testusername tes...

Hey all. Seems like this should be an easy question, but after doing some reading, I'm still a little confused.Can I authenticate a windows computer against ISE using EAP-TLS with a computer-only certificate and stay authorized when the user logs in?...

Hi Experts, Could you please give me the right way and step to configure ISE 1.3 built in CA for EAP client auth. I'm trying to complete my dual SSIDs procedure. My configure may has some missing config on Certificate section. That make client can no...

hi,I have configured ise and redirection is working fine but I an having a challenge separating guest traffic from corporate traffic.I have attached a summary of my scenerio.

When attempting to configure an NTP authentication-key in the Cisco ISE CLI I noticed that it will not accept an md5 hash of 32 characters (16 bytes). Instead it is expecting a 40 character (20 bytes) hash. That is in line with a SHA-1 hash, not an M...

On the NAC agent, we can configure a discovery host manually.  Can it take multiple IP addresses? I've tried using semi-colon (;), colon (:), and comma (,), but the NAC agent won't send any discovery packets if these are configured. In my particular ...