Network Access Control

AnyConnect NAM does not remember my WiFi settings

Hi,Used Cisco AnyConnect for my SSL VPN for ages. Added NAM to also have it manage my 802.1x Wired and Wireless access. I find that NAM is not remembering my WiFi settings. I need to re-enter the same settings when I connect to the network.Is this a ...

Resolved! ACS 5.4 Access Policies Problem

Hi Gents,I've been trying to troubleshoot this for a long time but I'm out of ideas now. here is the topo. I've got a Cisco ACS 5.4 VM used for Radius Network Authentication with a Cisco WLC 7.0, I've done the initial setup and all the rules, everyth...

When WLC will dACL from ISE

Hi all ! We are used ISE for aaa our users, but our problems is not simple configuration ACL for users access on WLC,When Cisco make support dACL on WLC (not airspaceACL), it's very important.Because using GUI WCL for create ACL with limit 64 entry, ...

If upgrade ACS from ver 5.1 to 5.2,whether it's need or not to buy a new license?

For some special needed, I need to upgrade ACS form 5.1 to 5.2.And with a ver.5.1 license.So it is necessary or not to buy license to run ver. 5.2?

Resolved! ISE Guest-Account Single-User Multiple Logins

Hello,How to make ISE to only allow one guest-user account login at a time. the actual issue I have is- when I give one Guest user-id to someone, he can circulate that user-id with others and multiple unauthorized guests can use that single user-...

AAA authentication login

Hi,in Cisco IOS Security Command Reference (link here), page 66 it says:The following example shows how to create an AAA authentication list called MIS-access. This authenticationfirst tries to contact a TACACS+ server. If no server is found, TACACS+...

What's the difference between "login block-for X attempts X within X" and "security authentication failure rate X"?

What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affe...

Resolved! Why would anyone use Authentication Header in a transform set ?

I came across a configuration that uses an IPSEC transform-set of ah-sha-hmac esp-3des. This is a Cisco router, and it is running inside an MPLS tunnel. Since ESP does all of what AH does, are there any good reasons to use AH?

ACS 4.2 users import

hi ,i want to import users to ACS 4.2 with the static ip address assigned to every user.i have found the format of the file to add users but i did not find how can i add the static ip to this file.ADD:Dchira:CSDB:backup:PROFILE:4

ISE deny access to Android devices

I have a customer who likes to deny access to any Android devices on its guest service. (The network has an anchor WLC, the authentication is set as LWA)First I tried setting a simple AuthZ rule indicating "if Device-OS equals Android, then Deny Acce...

Cisco ISE 1.2 Patch 8 with Roaming User Profiles

ISE 1.2 with patch 8 has been installed and Works fine.Using AnyConnect Secure Mobility Client (NAM) 3.1.04072 and Cisco NAC Agent version 4.9.1013Scenario is EAP Chaining which does machine authentication + User AuthenticationAfter NAC Agent Pops up...

Site to Site VPN's with external group policies

Is it possible to have Ikev1 Site to Site VPN's with Cisco ASA 8.4(3) using external policies from an ACS 5.2?I currently have many site to site VPN's with internal group policies and different set of firewalls with the same rules, so changing one st...

Cisco ISE 1.1.2 and Certfication Revocation List (CRL) checking

All,I have 4 ISE appliances version 1.1.2 running in my networ called nodeA, nodeB, nodeC and nodeD. - NodeA is Primary Admin and Secondary Monitoring,- NodeB is Secondary Admin and Primary Monitoring,- NodeC is Policy node,- NodeD is Policy node,T...

Resolved! How to do .1x port based network access authentication through ACS

How to do .1x port based network access authentication through ACS.

Cisco ACS 5.5 HA & SSL Certificate

Hello,I'm in the process of setting up Primary & Secondary ACS 5.5 servers and need to assign a SSL certificate from our internal CA to each one of the nodes.Is it possible to generate a CSR with a SAN field? Regards

Network Access Control

Forum Posts

AnyConnect NAM does not remember my WiFi settings

Resolved! ACS 5.4 Access Policies Problem

When WLC will dACL from ISE

If upgrade ACS from ver 5.1 to 5.2,whether it's need or not to buy a new license?

Resolved! ISE Guest-Account Single-User Multiple Logins

AAA authentication login

What's the difference between "login block-for X attempts X within X" and "security authentication failure rate X"?

Resolved! Why would anyone use Authentication Header in a transform set ?

ACS 4.2 users import

ISE deny access to Android devices

Cisco ISE 1.2 Patch 8 with Roaming User Profiles

Site to Site VPN's with external group policies

Cisco ISE 1.1.2 and Certfication Revocation List (CRL) checking

Resolved! How to do .1x port based network access authentication through ACS

Cisco ACS 5.5 HA & SSL Certificate

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

ISE Posture Patch Mgmt Windows Update Agent Definition check issue

Cisco ISE 3.1 WLC Captive Portal - AUP Error Apple Devices

.

"Change Password" functionality

Cisco ISE - ANC leveraging integrated AMP - Isolation

CiscoISE policy applying on switch problem

15024 PAP is not allowed

Cisco ISE: Sponsor decide duration by Approval

ISE - Sponsor Approved Guest Access

ISE - Registered Guest Device Endpoint MAC Database