Network Access Control

Hi,I have one ACS 5.4  integrated with my AD. And i want to map  Radius IETF Filter-id attribute to a specific  AD group that  AD user belongs.For exemple i have one AD user: user1 that is member of AD groups:  Domain users group  and Group1.   In th...

Hi all,I saw that without large deployment add-on license the appliance can support up to 500 AAA client. Is that concurrent or total? E.g. customer might have 2000 AAA client but only 400 clients will authenticate. So in this case do I still need to...

ISE 1.2 Patch 2VWLC 7.4.100.0Specifically flex connect APsWe have successfully built the first self registration MAB'ed Z policy which authorizes all MACs to hit the CWA and a redirect. WIth Flex you must have an IPV4 and a Flex ACL on the controller...

Hello, I'm confident I already know the answer to this question but I want to be sure.I am moving a large number of Cisco devices to a new TACACS server, is there anything that can be done to allow local login if the new TACACS server is reachable bu...

Hi guys, We were trying to run the "ip ssh rsa" command on a Cisco 7600 router however it is not supported. We wanted to  perform this without having to modify the existing crypto rsa keys. Is there any equivalent command for "ip ssh rsa"?

When exporting endpoints, are you able to export all columns? I need to have the IP Address column included when I export, but when selecting "Export All", it exports only MAC Address, Endpoint Policy and Endpoint Identity Group. Is there another way...

Hello,we have placed the ISE in a DMZ. The NIC 0 is used for Administration of the ISE.The Switches send their RADIUS requests to the ISE via an out-of-band-management network which is connected to the DMZ though a Firewall.What if I want to use CWA....

Hi,We've an ISE cluster of two ISE nodes.The ISE guest server works fine on the primairy ISE node.MAC address of the guest client is set in the map 'GuestDevices' after accepting the AUP policy.The the ISE sents the COA and the client authenticates a...

I have AP's Profiled in ISE without problem but the AP keeps sending a DHCP release message. It only does this when ISE is applied to the interface. The interface config is at the bottom. Keep in mind despite the vlan of the switchport I have ISE pul...

hi All,I have NAC 4.8. I facing the problem that the NAC Agent cannot detect SMS Agent Services (ccmexec), here the screen shot:configuration: NAC Client Log can be download here:https://drive.google.com/file/d/0B9ShGyy3UzoeejlvZ2MwVVo2V1U/edit?usp=s...

Hi All,All of the recommended design (single SSID, Dual SSID) for BYOD requires PKI infrastructure for providing the certificate for the employee's personal devices. I understand how this works.But my question is, can't we have a BYOD solution withou...

We are implementing wireless BYOD using Cisco ISE 1.2 and WLC 7.4x. We are using PEAP / MS-CHAP v2 for wireless security. We are able to on-board iOS, Adroid, and MAC OS endpoints using single SSID and Native supplicant provisiong seems to work fine ...

Hi,We are facing the issue with adding CAS server in the CAM manager. While Adding CAS server to CAM manager ; we are getting Failed to add server: Could not connect to 172.22.105.13 error on the CAM manager. FYI, We have added CAS server certificate...

I installed AnyConnect 3.1.04063 on a win7 box. It's set up with two admin-defined wired network profiles: One for EAP-TLS machine auth and one for unauthenticated access. The EAP-TLS autheticated just fine when connected to a corporate-owned switch,...