Network Access Control

Resolved! Cisco ISE 2.0 and WLC 5508 with 7.6.130.0

I've looked over the release notes and NAD compatibility for ISE 2.0 and haven't seen the answer to this. For the WLC 5508, the minimum AirOS is 7.0.116.0 but it has limited AAA authentication and guest support. The recommended version of AirOS is 8....

ISE - Profiling question

Profiling Question: I have a question about profiling. I understand that it is used with ISE to make authz decisions based on what ISE can determine the endpoint is. Profiling is used to help ISE learn this. Few questions about profiling: SNM...

Best practices - RSA token auth with custom attibutes

I am looking for some assistance on how best to use a RADIUS server to pass RADIUS attributes back to an authenticator.Currently, the customer uses SteelBelted Radius. The NAD sends an authentication request to SBR, SBR looks up the local user, auth...

Resolved! ISE web redirect to warning page or external web server - custom warning page

Customer wants to setup a static one page web page that says "You shouldn't be here, contact xxx for more information". The goal is to identify employees trying to use company computers on the guest network. They have ISE 1.4 detecting these systems ...

Resolved! ISE 2.0 MDM integration question

Hi experts,I have a Use Case for ISE 2.0 and MDM integration. The customer wants to allow BYOD devices (PEAPMSCHAP) and also MDM managed devices (PeapMschap)How can we avoid the BYOD devices to hit the MDM query rule the first time? And at the same t...

Resolved! 3355 in large 1.3 deployment

HiThe ISE documentation for 1.3 states that 3395 and 3495 appliances are supported as admin and MnT nodes for a large ISE deployment, but does not specify any requirements for PSNs in a large deployment.Can 3355 appliances be used as PSNs in a large ...

Custom My Device/Sponsor portals with API - HA

Hi Folks,Customer is more than likely going to use REST API to use their customer portal pages for both My Device and Sponsor portals with ISE.My question is regarding HA with the REST API services. Reading the API guide it appears that the Primary A...

AAA log size estimate

Hi All, we have a financial customer who is looking at deploying ISE for 60K concurrent endpoints with 2 x Admin, 2 x MnT and 8 x PSNs. They would like to get some guidance on sizing for additional storage for retaining the logs for up to 7 years. I ...

Time of day restrictions

Hello,We are currently running ISE 1.4 Patch 5 (soon to go to 2.0) along with the Cisco WLC 5508 7.4.140.0. We have a mandate to turn off our wireless during non business hours. Currently, I have a script that runs to shut/no shut the switchport wh...

Accounting-Stop Same PSN for Session terminate 1.4/2.0

Hey Folks,When PSN receives an accouting-stop from NAD (WLC in this case) it will deactive session and free up the license. Is this information shared in the deployment in newer ISE versions (1.4 2.0 etc.)? See a scenario lets say doing MAB only, and...

TACACS with WLC

I am trying to configure TACACS for WLC and am following this youtube video from TAC but when I get to the step where I pick device type WLC all I see is “All device types”Any guidance appreciated.

SUP32 PISA support with ISE 1.2 and 1.3

Hello,I would like to ask about the support of the SUP32 PISA of the C6500 (already EOL) with ISE 1.2/1.3.I found that the Sup32 PISA runs a software version 12.2(18) and the minimum compatibility with ISE 1.2/1.3 of the "ordinary" Sup32 for 6500 is ...

ISE 2.0 NAC agent stuck in loop

I am doing a greenfield install of ISE 2.0 for a client. Using EAP-TLS for machine and user auth, but the client wants posture assessment as well. I can get the laptop to install the NAC agent. I only have the NAC agent installing on the unknown d...

HP5500-HI + TACACS ACS (version 5.7)

Hi guys, I have a privilege level problem between an HP switch and the Cisco ACS server.Apparently the ACS server is not passing the parameters of privilege properly and this is causing the Users do not access the switch.Does anyone have any ide...

Resolved! ISE 2.0 notification about failed TACACS authentications

Hello everyone,I cannot find if it's possible to send notifications from ISE after several unsuccessful attempts to login to the network device. My Customer wants to receive email (or at least syslog) notifications after several TACACS authentication...

Network Access Control

Forum Posts

Resolved! Cisco ISE 2.0 and WLC 5508 with 7.6.130.0

ISE - Profiling question

Best practices - RSA token auth with custom attibutes

Resolved! ISE web redirect to warning page or external web server - custom warning page

Resolved! ISE 2.0 MDM integration question

Resolved! 3355 in large 1.3 deployment

Custom My Device/Sponsor portals with API - HA

AAA log size estimate

Time of day restrictions

Accounting-Stop Same PSN for Session terminate 1.4/2.0

TACACS with WLC

SUP32 PISA support with ISE 1.2 and 1.3

ISE 2.0 NAC agent stuck in loop

HP5500-HI + TACACS ACS (version 5.7)

Resolved! ISE 2.0 notification about failed TACACS authentications

Cisco ISE 3.2 and Cisco Secure Client with ISE Posture Issues

CX Cloud Agent

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Default Route SGT

PX Grid Connector and Service NOW

CSCwo99449 - ISE Unauthenticated Remote Code Execution Vulnerability

Cisco ISE-PIC: How to Disable TLS 1.0 (and possibly TLS 1.1)?

isco ISE Posture – Cortex Compliance Check Always Showing as Compliant

Low Impact mode

Sync Configuration Between Two ISE Standalone Nodes