Network Access Control

ISE Sponsor Portal Questions!!!

Hi Team, Few questions!! Can we integrate ISE with Safenet(Token) for VPN access using Inline Posture? 2. When we create user account in Sponsor portal in ISE. By Default Where does the user gets created, In internal database of ISE or in Active Dir...

Resolved! 802.1x re-auth is not initiated by switch when timer expires

Hi everyone,Can you please advise if this is an expected behaviour or something weird is happening?Customer has 3750 with 15.0(2)SE8. He defines reauth timer via Radius and it works fine if auth order is dot1x + MAB (priority is dot1x + MAB as well)...

Resolved! ISE Guest portal - use NAC Guest server for guest account AA

I have a customer looking to migrate off NAC Guest, and is looking for a way to use the accounts created in NAC Guest server as the external ID source for the ISE guest flow - is this possible?Thanks,Bob

RVS4000 802.1x Packet does not contain required Message-Authenticator attribute

I have an RVS4000 connected to a freeradius server and the server is indicating the following error: Packet does not contain required Message-Authenticator attribute (4) Sent Access-Challenge Id 7 from 10.97.17.6:1812 to 10.97.17.14:1030 length 0(4)...

How do I setup a Nexus 5672 for user authentication w/LDAP

I have a Nexus 5672UP running version 7.0(2)N1(1). I'm trying to figure out how I can setup user authentication to this device using LDAP (Active Directory). The first thing I noticed when trying to setup LDAP is that when I run the "feature ?" hel...

ASA AnyConnect Connection Profiles with RADIUS, restrict access

Hi, We have a working setup of ASA AnyConnect with RADIUS authentication. The RADIUS server is an NPS running on Windows. We need to be able to restrict users to separate connection profiles (or group policies), via RADIUS and windows AD groups. I t...

troubleshooting 802.1x failures

Hi! When your authentications failover from 802.1x to MAB without an apparent reason what do you usually do to troubleshoot the process? Thanks!

Resolved! Licensing for ISE to integrate with MSE

What are the licensing requirements for the ISE2.0 integration with MSE?Is the integration included with the base license or is Plus or Apex required?

Logging and Monitoring Dashboard - Troubleshooting

We've recently upgraded to ACS 5.8.0.32 with two ACS servers. One is the primary and the secondary is for log collecting. When we click on troubleshooting we are unable to see any live authentications. I've tried to stop and start the logprocessor as...

Resolved! TACACS+ support for 2-Factor Authentication

Hello,I have received several recent requests for 2FA with TACACS support in ISE 2.0, with some customers indicating they have been told by other customers that "it works". Having looked through the documentation, I have not seen anything to indicat...

Monitoring the ISE Deployment

Hi,Our customer recently had some problems some PSNs in their ISE 1.3 deployment and didn't realize for quite some time.They are now looking for the best way to monitor their deployment. I have not been able to find a full best practice around monito...

Does ISE ever profile incorrectly?

Does ISE ever mistake a printer with another device? How often does this happen? If anyone has any articles on the topic it is greatly appreciated. Thanks!

Resolved! ISE Authentication question

I have a customer who is implementing ISE at a few of their smaller development sites. The idea there is that developers workstations or Vms can only access the Dev environments and not production environments. The rest of the users authenticate an...

Resolved! Catalyst 3850 & show run vs show run all - ISE Missing Configuration Found on Device...

Hi there,A customer is asking whether the below findings will impact ISE operation.Their findings are that ISE appears to issue a show run to validate switch requirements, rather than a show run all. The show run doesn't return radius-server vsa send...

Resolved! Regex in Authc Policy or Relying on AD trust

hi,Our customer has multiple AD domains with a 2-way trust between them They have joined the ISE servers in domain1 and rely on the trust to authenticate users in domain2.They are concerned about the performance impact of relying on the trust as 50% ...

Network Access Control

Forum Posts

ISE Sponsor Portal Questions!!!

Resolved! 802.1x re-auth is not initiated by switch when timer expires

Resolved! ISE Guest portal - use NAC Guest server for guest account AA

RVS4000 802.1x Packet does not contain required Message-Authenticator attribute

How do I setup a Nexus 5672 for user authentication w/LDAP

ASA AnyConnect Connection Profiles with RADIUS, restrict access

troubleshooting 802.1x failures

Resolved! Licensing for ISE to integrate with MSE

Logging and Monitoring Dashboard - Troubleshooting

Resolved! TACACS+ support for 2-Factor Authentication

Monitoring the ISE Deployment

Does ISE ever profile incorrectly?

Resolved! ISE Authentication question

Resolved! Catalyst 3850 & show run vs show run all - ISE Missing Configuration Found on Device...

Resolved! Regex in Authc Policy or Relying on AD trust

win10 machines not auth in monitor mode ISE after upgrading to win11

ISE Posture – Long boot and no network access

External MDM heartbeat interval and Azure Public IP idle timeout

Issue with Posture Agent "Checking for product updates..." 0%

ISE BYOD woth Entra ID failing

Cisco ASA ip helper for lab

Updating a segment with a new authorization option

Cisco ISE Counter for Authenticated Guests does not count up

CIMC interface not working on Cisco 3615

CSCwc22988 - setting disclose usernames - popup server will restart