Network Access Control

Question about ISE and TACACS+

Hi team,I am looking for some help, my customer has to ACS for AAA of infrastructure devices, primary and backup, with database replication; also they have two ISE appliances: the first one, as monitoring role and the second one, as administration an...

Redirect Posture Cisco ISE

Cisco ISE 1.3. Problem: Some workstations are not doing posture, after observation noticed that the switches are to redirect to the ISE standalone (Secondary), but the primary be active. At this time turn off the secundary to return to normal operati...

Cisco ACS 5.4 and Nexus 7000

Hi I am trying to configure my Cisco ACS 5.4 via TACACS for Nexus 7000 (NXOS 6.2(2)). Following this documentationhttp://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115925-nexus-integration-acs-00.htmlBut when logging in...

Resolved! EAP Chaining with Cisco ACS 5.x and the Cisco Anyconnect NAM Client

Hi Guys,Whilst I’m well aware of the limitations of the built in the windows Wireless 802.1x supplicant. Is there a way, using the NAM client to authenticate both a computer and a user simultaneously, when used for authentication to wireless networks...

Resolved! Radius authentions with ISE - Live Authenications blown up with entries

Hello, We have a Brocade Load Balancer (ADX 1000) that is using ISE 1.2.0.899 Patch 1,2,7,12,13 as the radius server. When logging into the device via the web interface, it blows up the ISE live authentication logs. I do not see this behavior when ...

CISCO ISE API get client IP address

I am using the CISCO ISE REST API and I want to be able to get the client IP address. I have been reading the Monitoring REST API documentation here: http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/api_ref_guide/api_ref_book/ise_api_ref_ch1.htm...

configure Mac Authentication Bypass (MAB) in ACS 5.1

Hello,I am a newbie in ACS 5.1 and UAC.I configured a MAB Access Service, but I get the error in the Radius Monitorring: 15024: PAP is not allowed.However, I nowhere configured PAP. Any idea what I do wrong ?I did not configure any protocolls, just '...

Cisco ACS 5.x isn't sending a password reset prompt through RADIUS to my Pulse Secure MAG2600.

I have a pair of Pulse Secure MAG2600s that serve as my remote access (VPN) into my data center. I'm running my primary authentication for VPN access against OCSP checks and extracting the values of the CN and OU fields of the CERT to determine what ...

Secure ACS and Minimum Password Age

The IRS requires all systems that process sensitive personal information, such as social security numbers, to have the passwords protected with many things, one of them being a minimum password age of 1 day being set on all password. I cannot find h...

Difficulty Configuring a RADIUS server with a Cisco 2500 Series Wireless Controller

Hi AllWe are attempting to configure a RADIUS server with a Cisco 2500 Series Wireless Controller (AIR-CT2504-K9). Below you can see the configuration of the RADIUS sever on the controller, with the correct IP: Below is the configuration we have for...

Resolved! acs 5.8 vpn authentication using AD and External OTP server

Hi, is it possible to authenticate an user using Active Directory, internal database and OTP server for password? what i want to achieve is: - if the VPN user belongs to a specific group of our AD....perform the user lookup on that Group and if user...

ACS: two factor authentication using AD group/internal user, external proxy

Hi all, as far as you know, it could be possible to have two factor authentication in acs 5.x? What i want to achieve is: 1) if a VPN user try joint the network, a user lookup needs to be performed against a specific Group in AD, but the password ne...

Resolved! ISE (SNS-3415-K9) redundant NIC's

Hi all. can we connect one SNS-3415-K9 (ISE) to VSS switches . we have one ise (SNS-3415-K9) server can we connect one interface(g1) to switch1 and another interface(g2) to switch2 for Redundant and load balancing ..

Windows Single Sign-on using only LDAP server

I have an LDAP server, no radius server.Users need to authenticate when connecting to wireless (Cisco WLC 2504 and AP1702i).Can I have a single sign-on setup with the above devices or do I need a radius server ?

Cisco Secure ACS 5.2 Patch Installation Issue

I am trying to apply patch 5.2.0.26.10 to a newly installed Cisco Secure ACS Server. When I run the acs patch install command it fails.Here is my repos config:repository Update url sftp://10.134.52.115/ user id4sftp password removedsh repo Update ...

Network Access Control

Forum Posts

Question about ISE and TACACS+

Redirect Posture Cisco ISE

Cisco ACS 5.4 and Nexus 7000

Resolved! EAP Chaining with Cisco ACS 5.x and the Cisco Anyconnect NAM Client

Resolved! Radius authentions with ISE - Live Authenications blown up with entries

CISCO ISE API get client IP address

configure Mac Authentication Bypass (MAB) in ACS 5.1

Cisco ACS 5.x isn't sending a password reset prompt through RADIUS to my Pulse Secure MAG2600.

Secure ACS and Minimum Password Age

Difficulty Configuring a RADIUS server with a Cisco 2500 Series Wireless Controller

Resolved! acs 5.8 vpn authentication using AD and External OTP server

ACS: two factor authentication using AD group/internal user, external proxy

Resolved! ISE (SNS-3415-K9) redundant NIC's

Windows Single Sign-on using only LDAP server

Cisco Secure ACS 5.2 Patch Installation Issue

CISCO ISE Posture Report

Windows 11 EAP-TEAP "Action Needed" to Sign in

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

CSCwi06794 - Live log delay (RADIUS) - Regression for CSCwe00424

Default Route SGT

Cisco ISE Upgrade Issue: Config DB Upgrade Failed

Would one PSN node be enough to deploy for 5000-6000 users?

Newly built ISE 3.4 patch 1 configuration errors

Cisco ISE System 360 Log Analytics - Ingest External Logs

Cisco ISE Counter for Authenticated Guests does not count up