Hi , I have a little issue with the tacacs config i'm using on a 800 routerCisco IOS Software, C880 Software (C880VOICE-UNIVERSALK9-M), Version 15.1(1)T3, RELEASE SOFTWARE (fc1)this is my config : enable secret 5 $1$MIIf$bu0Fy/LyqPkMWiq4oEtGk0!aaa n...
Forum Posts
Resolved! ISE License
Dears, could you please support me on this one of the customers has two ise nodes 3515 and 3615 with base license 500 node and he needs to increase the license with esthetical which is the replacement for the base, the quantity needs to be increased...
Hello everybody;As you know, we have several methods available to create conditions for our authorization policies, some of which are more preferable than others. For example, using "Normalized Radius: SSID" is more preferable than "Called-Station-ID...
Resolved! ISE SNS 3715 use of 10G Fibre Interfaces
Hello, I have a new ISE SNS-3715 server appliance. I want to use the onboard 10G fibre interfaces. By default, while initializing ISE, it took the 10G UTP interfaces and came up. How do I switch to 10G fibre interfaces (Gig 2 and Gig 3). I am running...
Resolved! Cisco VSA for dACL
Hello All,We've recently just moved to Windows NPS (*from ISE... sad face...) and I'm trying to include a Vendor Specific Attribute to push an ACL name using "Cisco-AV-Pair" attribute.I was able to successfully push "Cisco-AV-Pair" to desk phone clie...
Hi,We are experiencing an authorization issue when entering a certain command in our global config on to fresh switches via the console cable.Switch Model = 9300Switch Ver = 17.9.4aAlthough this seems to be happening on other switches and versions as...
Resolved! OCSP and Live Logs
I have a customer who has laptops with a VPN client and a certificate issued via SCEPMAN. The VPN client connects to Netmotion which in turn sends a radius request to the ISE for the client certificate to be checked against SCEPMAN and the result pas...
What is the difference between L-ISE-TACACS= and L-ISE-TACACS-ND= part numbers? The price difference is $4K list vs $6K list respectively. Also the latest ordering guide references. L-ISE-TACACS= as a legacy part #? No results via Google, no EOS,...
Dear Community,We use cisco switch model c9200l and on boarding in ISE dashboard.We also config IP ISE server on switch level.Could you provide the good practice how to check connectivity with below info.- From switch to endpoints ( PCs) ( MAB profil...
Resolved! Posture and Network acess(ISE)
If same set of devices are referenced in a posture policy set and normal wired/wireless policy sets with different authorization profiles ,to which policy set does it match?
Hi,I read few discussions on manipulating the routing table of ISE, especially when some servers, like RADIUS, are reachable out of a different interface. For such cases, somebody suggested to use static routes and even a second default gateway.As ar...
Hi all;What really the following option does:Thanks
Resolved! ISE TC-NAC - secure endpoint
Hi, I'm new to ISE world and I actually started few days ago watching the webinar on cisco learning network. Not sure If I'm getting this right. Last section i saw was discussing about RTC and TC-NAC. From what I understood in RTC ISE is doing remedi...
Hi, last week we migrated to ISE 1.2 Patch 7 and since then we are having trouble with our corporate SSID.We have a rule that says :1) User is domain user.2) Machine is authenticated.But for some reason that I can't figure out some machine(I would sa...
Resolved! Cisco ISE Certificates
Hi,I'm new to Cisco ISE and I'm trying to get my head around how it all works.Can I ask, how do you know which certificate in ISE a computer will authenticate against?I'm setting up ISE to use EAP-TLS using a trusted root certificate and I have the c...
