Network Access Control

We are trying to leverage XenMobile with ISE and have it added and it Test successfully.  Devices have already been enrolled into MDM, we are wanting to query the MDM to determine if the device is Registered, JailBroke, etc to determine access.  In t...

I have a Cisco Prime server (version 2.0) and an ACS server (5.6)I am using the ACS server to authenticate my users, via TacacsI have some of my users being authenticated as Lobby AmbassadorsI have used the bulk import to create a shell profile and t...

Hi ,I want to understand the scenario of Access point Authentication and LAN Authentication. I am able access internet & intranet, by providing my credentials of captive portal on  AP - SSID.Then, at the same time when i plug-in  the LAN Cable , and ...

I'm playing around with ISE 1.3 and the self provisioning flow.  I'm able to provision a Windows client, but an iPhone or iPad with IOS 7.1.2 gives me an "unsupported browser" error when I try to sign on.  I have an IOS client provisioning profile se...

Hello,i have an ACS 5.4 in use. The used Authentication Protocols are TACACS.When i want to authenticate a normal router 2921 with Mac-Address,i try to configure a  router 2921 on ACS5.4 to authorize ACS internal user,but the autehntication reject th...

Hello Community,i have some troubles about my VG202XM as dot1x supplicant. I have found some informations to configure a normal router as a dot1x supplicant. But this commands are not work.The tested way was:enconf tdot1x credentials testusername tes...

Hey all. Seems like this should be an easy question, but after doing some reading, I'm still a little confused.Can I authenticate a windows computer against ISE using EAP-TLS with a computer-only certificate and stay authorized when the user logs in?...

Hi Experts, Could you please give me the right way and step to configure ISE 1.3 built in CA for EAP client auth. I'm trying to complete my dual SSIDs procedure. My configure may has some missing config on Certificate section. That make client can no...

hi,I have configured ise and redirection is working fine but I an having a challenge separating guest traffic from corporate traffic.I have attached a summary of my scenerio.

When attempting to configure an NTP authentication-key in the Cisco ISE CLI I noticed that it will not accept an md5 hash of 32 characters (16 bytes). Instead it is expecting a 40 character (20 bytes) hash. That is in line with a SHA-1 hash, not an M...

On the NAC agent, we can configure a discovery host manually.  Can it take multiple IP addresses? I've tried using semi-colon (;), colon (:), and comma (,), but the NAC agent won't send any discovery packets if these are configured. In my particular ...

HiTrying to figure out if there is a way to have a switch authenticate devices from two different domainsFor example   Computer A is in Domain A  Computer B is Domain BComputer A is connected to f0/1 computer B is connected to F0/2I am thinking that ...

Hey!I am having difficulties implementing Mac-auth on selected ports between an HP ProCurve 2510 and Cisco ACS 5.3.The 802.1x works just fine, but for selected ports I need to implement port-access with MAC-based authentication instead of regular 802...