Network Access Control

Resolved! ACS - LDAP or AD

Hi PPL,Currently i have 4 ACS's synced with AD.Due to security concern we thinking of going to LDAP.I can't find exactly what i'll lose/gain on each method.Can someone provide more information ?Thanks!

ACS 5.4 High Availability

Hi,I am for documentation for HA for ACS.Please help in getting me the document for the same.Thanks,Nitesh

mac auth bypass with freeradius problem

Hi,I'm experiencing a problem with mac auth bypass in a catalyst 3560, i connect a phone and a pc to a port and both getauthenticated and working but the phone keep reauthenticating and the console show this error:*Mar 1 02:10:34.221: %MAB-5-SUCCESS...

Resolved! ise cert

When I generate a cert and use THAWT tiral version to try out the cert, the request as I copy - paste it says:The CSR must include an Organization Name.I am using ISE 1.1.1https://ssl-certificate-center.thawte.com/process/retail/trial_product_selecto...

Cisco ACS 5.4 Administrators for Identity Groups

Hello all, I am in the process of migrating from ACS 4.3 to 5.4, in the previous version of ACS I had administrators that were assigned to groups in which they could manage. I am looking for the same functionality in the new version but I have not ...

cisco AP disable PEAP server certificate validation

Hi,My question if it is possible on Cisco 1600 AP's to disable the server certificate validation on a dot1x peap authentication method (please provide if any the appropiate CLI)I now the in PEAP for a PEAP user implementation you want to validate t...

IEEE 802.1x with EAP-TLS issue in cisco 2960

In My Cisco 2960 switch is not working with EAP-TLS mechanism of 802.1x but its works well with other protocols like EAP-PEAP or MAC Address authentication.Below is the configurationaaa authentication login default group tacacs+ localaaa authenticat...

ACS 5.4 and machine authentication

Hi,I am installing ACS 5.4 for WiFI user and using EAP-TLS/ certificate based authentication.I have Authorization profile created as shown in attachement.Under authorization profile i have selcted "Was Machine Authenticated=True"Condition.Somehow cli...

ISE 1.2 Guest Portal - This device has not been registered.

I have setup and SSID on my WLC. I got the redirecting to my ISE guestportal working.However when I sign in I get a Device regitration Page "This device has not been registered"Unable to obtain the user information needed for network access.The devic...

Resolved! Cisco ACS 4.2 one user in multiple local groups

Currently i have group mapping like thisACS Groups Window Groups Grp-A-B Grp-1 and Grp-2 Grp-A Grp-1 Grp-B Grp-2For example currently one user test1 is part of both groups 1...

How to use ISE Guest Portal for AD users

Hi there,As subject explains all, I want to use ISE Guest Portal for my domain users. I have tried many different ways to authenticate users and finally I came to the conclusion that ISE CWA works pretty well and is very stable. WLC Webauth sucks...

Identify WLAN via RADIUS Attribute in ACS 5.4

Does anyone know how to identify which SSID the user is attempting to authenticate with? My use case is this: I have an Inside network tied to SSID 1 and a Outside Guest network tied to SSID 2. Both WLANs are using PEAP w/MSCHAP v2 and they are au...

Removing Certificate

I have an ssl certificate that shows in the cli of my ASA5505 but not in ASDM. The certificate is not used anymore and is not associated with a trustpoint. Does anyone know how I can completely remove it?

Resolved! Cisco ISE 1.2 and AD Group

Hello,I have Cisco ISE installed on my EXSi server for my test pilot. I have added several AD groups to ISE as well.I have created an Authorization policy condition, which is WIRELESS_DOT1X_USERS (see screenshot)Basically, I just duplicated the defau...

Securing TTY lines

Hello Everyone! Long time reader first time poster on the Cisco Support Forums. I have found myself in waters where I could use some help and use some direction on where to get started. (It may not be possible for all I know!)We have a Cisco 3660 rou...

Network Access Control

Forum Posts

Resolved! ACS - LDAP or AD

ACS 5.4 High Availability

mac auth bypass with freeradius problem

Resolved! ise cert

Cisco ACS 5.4 Administrators for Identity Groups

cisco AP disable PEAP server certificate validation

IEEE 802.1x with EAP-TLS issue in cisco 2960

ACS 5.4 and machine authentication

ISE 1.2 Guest Portal - This device has not been registered.

Resolved! Cisco ACS 4.2 one user in multiple local groups

How to use ISE Guest Portal for AD users

Identify WLAN via RADIUS Attribute in ACS 5.4

Removing Certificate

Resolved! Cisco ISE 1.2 and AD Group

Securing TTY lines

Default Route SGT

PX Grid Connector and Service NOW

ISE Posture: secure client stops posture synchronization

Posture Script Condition–Fails to Connect When SHA-256 Fingerprint Add

Is it possible to use "PostureOS" attribute in ISE Profiling Policy

Dynamic Vlan -Voice using Cisco ISE

ISE Dot 1 X Authentication

Problem with PSN ISE node (error 5405 Radius session drop)

Update DNS in ISE really this hard/bad?

ExternalGroups in REST ID (Azure AD) in Authorization Policy