Network Access Control

NAC incorrectly identifies AV

We are using the AnyConnect client (v3.1.04063) and NAC agent (v4.9.3.5). Some of the clients are not successfully detecting that one of the NAC requirements is present (Microsoft Systsem Center Endpoint Protection - is installed and updated to withi...

How can i backup AAA log and restore AAA logs ? Thanks

ACS version: 5.4Because the audit requirements, AAA logs to be backed up more than 1 year.I used backup-logs command, but backup file is xxx.tar.gpg, i don't know how to view it ? I use "acs restore" and "restore" command faild.I want to backup AAA ...

ACS 5.4 drop authentication attempt rule

I want to create rule in ACS that will drop authentication attempts from a certain IP address so that it will force the device to move to it's secondary auth server.I used to create a dead route on the Server when we had it running on 3.3 and im wond...

Vendor specific in RADIUS NAP Enforment

Hi All,i am testing a lab enviroment to deploy NAP using Windows server 2008 with NAP Role enabled and RADIUS refering to a 3560 Access switchi can get authorized on my port:interface FastEthernet0/11 switchport mode access dot1x pae authenticator...

Cisco ACS Policy Mapping

Hallo,I have a question about the policy mapping in ACS 5.4.When a request matches in "Access Selection Rule" the request goes to an "Access Service".In "Access Service" there are three kinds of policy rules:- Identity:If condition match then result ...

ACS 5.x how do i limit who can authenticate to devices when using AD

Hi everybody,I am deploying ACS 5.4 and i configured AD as an external database and configured authorization based on the group. but right now anybody can authemticate to the device using their AD creds, they get assigned to the deny all commad set, ...

Resolved! Cisco Security Manager license key

Hi,We have installed the Cisco Security Manager version 3.3.1 years back and now want to reinstalled it on different server, but don't know the license key. Please guide that how we can find the license key.Thanks

Unable to login to ISE 1.2 via Cli

Hi,I have a weird problem; after changing the default admin password on cli and rebooting the unit; i am no longer able to login via cli. Instead I get the following message: % Error: Unable to launch ADE-OS shell. Disk full.The ISE is running 1.2 wi...

ISE-switchport session remain authenticated

I am facing a problem during deployment. Customer is using Avaya IP phone. If an autheticated workstation/laptop shift from one phone to another, the old switchport session remain there. The laptop acquire IP from new phone but even fail to ping gate...

Resolved! ISE posture requirement to check if endpoint's USP port is disabled

Hi,I wonder if it is possible to set the disabled USP Port in the endpoints as a requirement in ISE Posture ?Appreciate your input.Mike

Resolved! Caching credentials for webauth in ISE 1.2?

We are providing internet access through a Guest portal. The portal is provided by the ISE through webauth and the user is created through the ISE Sponsor Portal. When an account is created and the enduser logs in to it, I would like for the ISE to c...

Resolved! Cisco ISE Guest Portal - DNS Issue - External Zone

Hello,I have a customer that has the following sceanrio :In a wireless deployment and a Cisco ISE 1.1.3 deployment with CWA, when the wireless guest receives the redictect URL from ISE (URL to access the ISE Guest Portal), this URL is based on the...

does anyone know what this is ??

I don't know since when its there but I just found it out.but I could not find any information of it on User guide and release notes.

Resolved! Strip multiple @domain used in username on AD Integration with Cisco ISE?

Hi there ,How to strip multiple domain suffixes from username through ISE with AD being used as external Identity Source. Username is being used in username@domain format.Cisco ISE 1.2 patch 4 introduced strip prefix or suffix @domain realm from user...

Resolved! Cisco ACS AD authentication

Hi there !Im currently deploying Cisco ACS 5.4 on our netwrok and im looking into some extra measures to secure authentication and authorization to devices.I would like to ask if anyone has tips on the following since i may have been confused myself ...

Network Access Control

Forum Posts

NAC incorrectly identifies AV

How can i backup AAA log and restore AAA logs ? Thanks

ACS 5.4 drop authentication attempt rule

Vendor specific in RADIUS NAP Enforment

Cisco ACS Policy Mapping

ACS 5.x how do i limit who can authenticate to devices when using AD

Resolved! Cisco Security Manager license key

Unable to login to ISE 1.2 via Cli

ISE-switchport session remain authenticated

Resolved! ISE posture requirement to check if endpoint's USP port is disabled

Resolved! Caching credentials for webauth in ISE 1.2?

Resolved! Cisco ISE Guest Portal - DNS Issue - External Zone

does anyone know what this is ??

Resolved! Strip multiple @domain used in username on AD Integration with Cisco ISE?

Resolved! Cisco ACS AD authentication

Is it possible to do 802.1x Authentication for Entra ID Joined Machine

ISE Deployment patching

pxGrid Certificate-Based Authentication - 503 Service Unavailable

ISE Posture – Long boot and no network access

External MDM heartbeat interval and Azure Public IP idle timeout

ISE Patching

Help with Cisco ISE Deployment – Main ISE in Europe, Remote Site in US

Delete alarms last occured in Cisco ISE Dashbord version 3.3

ISE 802.1x PEAP-EAP-TLS Auth with Entra ID ISE 3.5 Availability

Cisco ASA ip helper for lab