Network Access Control

ACS 5.3 Patch

Trying to install the just release patch 7 for ACS. Downloaded the release notes and am following them for patch installation. First thing I noticed is when downloading the patch although the file has a .tar.gpg extension, when I download it through...

IDFW AD Agent - DC status is "down"

I have set up an AD Agent on a 2008 R2 member server and added two 2008 R2 DCs through "adacfg dc create". Both DCs have account logon audit logging activated and they were working, showing status of "UP" when running the "adacfg dc list" for abou...

ACS 5.3 Secondary instance logs missing

Hi Folks,I have a dual appliance set up; with a distributed deployment. I am using my primary box as the log collector and I noticed today that if I point a networking device at my secondary instance for authentications nothing shows up in the logs a...

Resolved! ISE 1.1.1 Windows NAC client posture checking loop

Hi all,Just upgraded Cisco ISE to 1.1.1 in my lab/demo environment and am now having problems with a basic posture implementation. In short I connect to a wireless SSID and check posture based on the presence of a file. The NAC agent is declaring my ...

Replacing client IP by RADIUS attributes using a WLC

Hello.I'm trying to replace the client's IP in a wireless network using an IP configured in the RADIUS. We have tried with an ACS and now with a Microsoft's NPS and on both scenarios, i see in the WLC that the client should have the replaced IP but w...

ISE 1.1.1 - RegisteredDevices Identity Group

Working on building a ISE 1.1.1 system to match our internal security policies, and have hit a dilemma. Here goes:The requirement states that there need to be differing network authorization profiles for different device types: Domain PCs, Non-Domain...

Problem with work group bridge authentication with ACS 5.x

EAP-TLS authentication for workgoup brdige fails.Folloing is the log on ACSAuthentication failed 12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain12811 Extracted TLS Certificate message containing clien...

ACS v5.2.0.26.3 - AD Join/Rejoin/Disconnect Problems

Hi!I see under the Active Directory tab that the AD Connectivity status is suddenly set to Disconnected.But if I click the Test Connection button, the result comes back Successful.So then I'm stuck....Is there a way to rejoin the ACS into AD?I have d...

NAM and "unprotected identity pattern" not working as expected

Hi,I'm trying to test such 802.1x wired environment:windows xp sp3 as supplicantwindows NPS as radius server 2960 as authenticatorlatest anyconnect (3.1.01065) + nam and standalone profile editorI have a question:Could someone explain me the differen...

Rejected ACS local-certificate with surrogate CA

I'm going crazy because of clients rejecting ACS certificate.I have deployed successfully one ACS 5.2 in a HQ with EAP-TLS and PEAP and everything is working fine. There is only one main CA.Problem is while deploying another ACS 5.2 against another A...

Resolved! Cisco Secure Services Client v5.1 for Windows 7

hi all,i'm trying to download CSSC v5.1 for windows 7 but can only see support for vista.will the vista version gonna work for a win7 machine?

ISE NFR Allowed protocols

Hi all,I am trying to configure ISE NFR (installed on vmWare) - I had to start from the only available NFR version 1.0 - so I first made upgrade to version 1.1.1(acording to release notes there should be no problem with stright upgrade) then applyed ...

Resolved! Machine Authentication not working after workstation unattented ovr night - ISE 1.1.1 -

I am running an ISE 1.1.1 patch 2 and authetntication Windows XP machine using PEAP authentication with both user and machine authentication. The issue is that when a machine is powered on the machine authentication processes fine and the user authen...

Fail to edit ISE inline posture node after success register from Primary Node

Hi all, would like to ask what this error message mean? It appear after i successfully from primary node to register the inline posture node.thanksNoel

ACS 5.3 NTP offset increasing with NTP Server in same LAN

Im installing & configuring a new ACS 1121. Ive updated to version 5.3 with patch:Cisco ACS VERSION INFORMATION-----------------------------Version : 5.3.0.40.6Internal Build ID : B.839Patches :5-3-0-40-15-3-0-40-25-3-0-40-35-3-0-40-45-3-0-40-55-3-0-...

Network Access Control

Forum Posts

ACS 5.3 Patch

IDFW AD Agent - DC status is "down"

ACS 5.3 Secondary instance logs missing

Resolved! ISE 1.1.1 Windows NAC client posture checking loop

Replacing client IP by RADIUS attributes using a WLC

ISE 1.1.1 - RegisteredDevices Identity Group

Problem with work group bridge authentication with ACS 5.x

ACS v5.2.0.26.3 - AD Join/Rejoin/Disconnect Problems

NAM and "unprotected identity pattern" not working as expected

Rejected ACS local-certificate with surrogate CA

Resolved! Cisco Secure Services Client v5.1 for Windows 7

ISE NFR Allowed protocols

Resolved! Machine Authentication not working after workstation unattented ovr night - ISE 1.1.1 -

Fail to edit ISE inline posture node after success register from Primary Node

ACS 5.3 NTP offset increasing with NTP Server in same LAN

On-Demand Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Knowledge Hub: Cisco Technology for Securing the Enterprise

Cisco + Splunk: It's a new day for your data.

Announcing Resources That Guide You to Success

Cisco Identity Servide Engine(ISE) Admin Accounts

dACL don't working properly

Cisco ISE Entra-ID user attributes to match

Cisco ISE | PEAP Bad Password attempts for AD joined laptops

Security Zones

Keep session active after workstation reboot

Cisco NAC and MACSEC Switch connection

ISE 3.4 P1 - Open API no toggle button / not working

Alarms: Log Collection Error on Primary Admin device.

Guest user from email?