Network Access Control

Ask Me Anything- ISE Integration Insights

Welcome to the Cisco Community Ask Me Anything EventWe invite you to participate in our upcoming Ask Me Anything (AMA) conversation. Please submit your questions from Thursday, April 23, 2026, through Thursday, May 7, 2026. Our experts Miguel Martine...

CWA using ISE and mobility anchor

My team is trying to demo wireless guest access using CWA with an ISE server. We appear to be hitting an issue when combining this with mobility anchoring.When we don't use a mobility anchor the authentication goes off without a hitch seemingly prov...

Resolved! ISE for Mobiles

Hello every body...I have ISE appliance integrated with Active Directory to authenticate the users , and i have WLC integrated with the ISE also.the integration done successfully , and now any user want to access the network through the WIFI ( Dot1x)...

Resolved! Distributed system with different hardware

GreetingsI would like to know if I can create a distributed system with 2 different ACS appliances/instances (1121 and 3415) with same version. If not possible I would like to retrieve the configuration(Network devices and AAA client, command shell ...

Cisco Secure Network Server 3415 and 3495

Hi all,We plan to buy ISE. Please, find below some details- The number of users is about 800 and i am a bit confused if we should order SNS 3415 or SNS 3495 (I see in some documents that the max user for SNS 3415 is 200 and I would like to have confi...

NAC Topology

Hi, I am planning to deploy NAC(802.1x) in my office. I currentlly have 1 3550, few non-managable switches and few Wireless AP (Doesn't support NAC). My uplink is connected to 3550. All the non-managable switches are connected to 3550 and AP are c...

Simultaneous Login VPN

Hello,in ACS there is a configuration with radius request "simulataneous login=1". If I hold a vpn session for a time x another user (X) can login with the same user data during the connection. After user (X) is connected and my active session was ca...

ISE 1.2 / WLC 5508 EAP-TLS expired certificate error, but wireless still working

Hi I have a customer that we've deployed ISE 1.2 and WLC 5508s at. Customer is using EAP-TLS with and everything appears to setup properly. Users are able to login to the network and authenticate, however, frequently, I'm getting the following erro...

Weird TACACS issue after upgrading to IOS 15 - periods in username replaced with underscores

I ran into a weird issue tonight when upgrading some 4948E switches. I upgraded 4 to 15.1(2)SG - cat4500e-ipbasek9-mz.151-2.SG.bin.2 of them directly connect to firewalls so management stayed on SVIs but the other two were going to be migrated to use...

Resolved! ACS 5.2 - Swapping CLI and DNIS values.

I am running ACS 5.2 (more detail below) eval demo version for a proof of concept and noticed an oddity.. It appears that if you create a Endstation Filter and click the CLI/DNIS tab, click Create and then click DNIS and enter your info ex: *coolssid...

Import Steel Belted Radius users to ACS

Is there a method to import SBR (local) users into ACS? Perhaps via some intermediate tool? The SBR exports will contain one-way-hashed passwords, so the question is really whether there is any method to import ACS users with these?

Xauth on ise for lan pcs

Hello,Is it possible to do multiple authentications for a LAN communication on ISE 1.2 ?My local clients are being authenticated through eap-tls currently. So i want to have them authenticatdd also through User & Certs

Performance of ACS 5.2 1121

HelloI will integrate ACS 5.2 (appliance 1121) as a TACACS, to provide AAA services for the adminsitration of a big number of switches and routers.I need to know:¿How many authentication / seconds does it support?¿How many IPs (endpoints) is suported...

MAC OS machine authentication

any help about configuring MAC OS to work with ISE and 802.1x machine authentication?

Configuring ACS 5.4 to authenticate Role Based Access Control (RBAC) users on a Nexus 5000 via TACACS+

There is a great document on the site for configuring ACS 5.X to authenticate voa TACACS+ but with 5.4 - there is possibly an extra step required. https://supportforums.cisco.com/docs/DOC-14273In 5.4 where you map the Shell Profile to the Authorizati...

Resolved! MSFT CA vs. ASA built-in CA

I'm trying to setup VPN users to authenticate with digital certificates as part of 2 factor authenication. With a 5510 (upgrading to 5515) with access to Microsoft 2008r and 2012, Which would be a better fit the Microsoft service or the built-in CA s...

Network Access Control

Forum Posts

Ask Me Anything- ISE Integration Insights

CWA using ISE and mobility anchor

Resolved! ISE for Mobiles

Resolved! Distributed system with different hardware

Cisco Secure Network Server 3415 and 3495

NAC Topology

Simultaneous Login VPN

ISE 1.2 / WLC 5508 EAP-TLS expired certificate error, but wireless still working

Weird TACACS issue after upgrading to IOS 15 - periods in username replaced with underscores

Resolved! ACS 5.2 - Swapping CLI and DNIS values.

Import Steel Belted Radius users to ACS

Xauth on ise for lan pcs

Performance of ACS 5.2 1121

MAC OS machine authentication

Configuring ACS 5.4 to authenticate Role Based Access Control (RBAC) users on a Nexus 5000 via TACACS+

Resolved! MSFT CA vs. ASA built-in CA

Bulk Update Fails for customAttributes - Is it supported?

UserPrincipalName not showing in ISE Log for certain user

CISCO NAM installation by iso generated by System Center

can i USE 2 CISCO ISE posture policy in same time with 2 Anti malware

High Response time for Entra ID TEAP with ISE

Certificate Services OCSP Responder nearly expired

ISE databases - which one has the endpoints?

port-based network access control for Data Center - 802.1x (yes or no)

Cisco ISE-V-3.3.X: CSCuj78705 >Schedule Report Attachment through mail

Trying to Upgrade a ISE 3.3 Ptach 9 to ISE 3.5 Patch 2 upgrade issues