Network Access Control

Hello,We've an issue with authorization on NCS system. NCS successfully integrated witch ACS, but there is a problem with one user. All users have equivalent rights under root. There is shell profile with all possible tasks (exported from NCS server)...

Hi. I am running AnyConnect 3.1 with EAP Chaining/MSCHAPv2. On Windows 7 machines, MSCHAP works well, and pulls my cached credentials. But on Windows 8.1 machines, it prompts for user authentication, instead of using the cached credentials. The confi...

Hello,I am trying to implement macsec only for switch to host segment. I am following below document but still the user is not able to connect.http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/117277-config-anyconnect-00.htmlThe only diff...

System ACS 5.4The following happens with both Cisco and HP switches that we have setup for port authentication using ACS for radius.We also use Mitel phones. Ex. we take port authentication of the switch to do mainteance and when we reapply this the ...

How do we migrate from a two node ISE installation where the primary ISE has IP address A and thesecondary has IP address B to a six node ISE distributed installation with one primary admin ISE,one secondary admin ISE, one primary monitoring ISE, one...

Understanding  ISE and dACL. I don't understand correlation between ACL and dACL. If dACL is downloaded to the Catalyst switch what is the status of the ACL attached to physical port. Is dACL appended to the existing ACL? When I typed ‘sh ip access-l...

Is it possible to clear / delete an live session on the ISE (1.2)? There are some sessions which are really old and for sure not live or active.

Dears,I configurated Eap-fast authentication  on Cisco ISE for wired users. Wired users authenticate normally. Now I want to use NAC agent. Is it possibly to use both of them NAC agent and Eap-fast(Cisco anyconnect network )?  

Hi All,I'm trying to configure ISE so that a local site administrator can only edit devices and users in his location, and only view reports/authentications for users at that location. I've tried setting the data access permissions to only view his l...

Dears,I have ipad and authenticate from ISE. In our company someone is hacker  and have the same model of ipad and put my ipad mac address in his ipad. Can he connect to network?? He also know the username and password.How ISE identify the hacker ipa...

Hey all,It would appear that from the amount of times this has been brought up, its still an issue!I have a Nexus 7k that needs TACACS auth to a Cisco ACS 5.4, but everytime i do it sticks all of us users into a default role of vdc-operatorI have cre...