Hello,Structure, - domain network- dynamic VLAN assignment (Microsoft NPS) but for some testing purpose in the example below is used static vlan assignment - Catalyst access switches (C2960X C9200)- "local domain joined" computers (dot1x authenticati...
Dear Community, To prevent from Cyber Attack / advanced attack we are checking to enhance more security with ISE. Hence, we would seek your support and advice how to tuning stronger defend and how to detect/blocked/dropped for untheorized devices ( ...
Dear All,I have multiple vlans in my core switch along with VLAN A in my Core switch and only this vlan A is extended to a DMZ downstream switch. VRF is created for that VLAN A in downstream dmz switch and route is pointed to VLAN A;s SVI of core swi...
I need to prevent a Cisco 2960 switch from sending accounting information that is not related to 802.1x session to a radius server. Currently, I have the switches configured with radius authentication and accounting, but it is not enabled at the inte...
Hi All,I'm facing an error from ISE 3.1 version that "Backup failed to copy to repository failed".SFTP server account password expired and we have done the password reset.Will this would be an issue that backup can be failed? Will this issue can be s...
which configuration should I do to add more than one radius server on cisco switches note that I have to add Primary ISE IP, Secondary ISE IP and the HA IP Thanks.
Hello,since we've updated ISE to 3.3 p2 we have some Problems with snmp v3.on the prod devices (SNS 3615) it was ok after Firmware Upgrade, but on the Test (VMWare) I can get snmp v3 to work:snmp-server enable snmp-server contact some-adress snmp-ser...
We are trying to implement Agentless Posture ( ISE 3.1 Patch 8 ) in our environment. However, there are some concerns that are raised by risk assesment team regarding some of the configurations. 1. Why the account configured for posturing (under Endp...
Dear Community, We use ISE 3.1 1. Primary Admin Node - DC Secondary site 2. Secondary Node and pxGRID Node - DC Primary site We are planning to perform test ISE functionality to ensure current Node can handle all sessions by disconnect for 1 of DC li...
hello, when i configure the sponsored portal and specify the URL for this portal, which IP will I put for this URL on my DNS to reach it ??
HICan i set up a Wirelss Guest Network without using any Portals (hotspot, self registered) I have recntly had a visit to a fast food restaraunt and I connected to their Guest SSID and was just granted Internet access without any Portal/AUP etc, wou...
Dear Community, While ISE 3.x versions by default use TLS 1.2, so cannot find an option to enable TLS 1.3. To avoid the use of weak cipher of TLS 1.2, do you have any recommend /advice to keep it secure like protocols CBC, RC4,DES...or else? In case ...
Hello.There is a need that specific end clients can connect/authenticate(EAP-TLS) on RADIUS via specific NAS/Authenticators.It can be a 1:1(One end client allowed through a specific NAS only) or 1:Many(One end client allowed through multiple NAS) rel...
Hello,I have Cisco ISE cluster 3.2.0.542 and we brought up SFTP server on some Windows machine I can validate SFTP server from ISE, and can start a backup process, but it fails at 75%, here are the logs: ciscoise01/admin#backup testbackup repository ...
I'm working on upgrading our ISE deployment from 2.7 to 3.2. We currently have a 4-node production deployment of ISE 2.7 - (2) PAN/MNT nodes and (2) PSNs. I've already installed ISE 3.2 onto new VMs and am at the point where I would like to restore t...
