Network Access Control

New ACS appliance not showing FQDN hostname in GUI

I've installed two new ACS appliances in our environment running 5.3. I've just configured the basics to get it on the network (ie DNS, default GW, IP address). Looking at both running configs, they are identical with exception to the IP addresses....

ACS 5.3 Patch

Trying to install the just release patch 7 for ACS. Downloaded the release notes and am following them for patch installation. First thing I noticed is when downloading the patch although the file has a .tar.gpg extension, when I download it through...

IDFW AD Agent - DC status is "down"

I have set up an AD Agent on a 2008 R2 member server and added two 2008 R2 DCs through "adacfg dc create". Both DCs have account logon audit logging activated and they were working, showing status of "UP" when running the "adacfg dc list" for abou...

ACS 5.3 Secondary instance logs missing

Hi Folks,I have a dual appliance set up; with a distributed deployment. I am using my primary box as the log collector and I noticed today that if I point a networking device at my secondary instance for authentications nothing shows up in the logs a...

Resolved! ISE 1.1.1 Windows NAC client posture checking loop

Hi all,Just upgraded Cisco ISE to 1.1.1 in my lab/demo environment and am now having problems with a basic posture implementation. In short I connect to a wireless SSID and check posture based on the presence of a file. The NAC agent is declaring my ...

Replacing client IP by RADIUS attributes using a WLC

Hello.I'm trying to replace the client's IP in a wireless network using an IP configured in the RADIUS. We have tried with an ACS and now with a Microsoft's NPS and on both scenarios, i see in the WLC that the client should have the replaced IP but w...

ISE 1.1.1 - RegisteredDevices Identity Group

Working on building a ISE 1.1.1 system to match our internal security policies, and have hit a dilemma. Here goes:The requirement states that there need to be differing network authorization profiles for different device types: Domain PCs, Non-Domain...

Problem with work group bridge authentication with ACS 5.x

EAP-TLS authentication for workgoup brdige fails.Folloing is the log on ACSAuthentication failed 12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain12811 Extracted TLS Certificate message containing clien...

ACS v5.2.0.26.3 - AD Join/Rejoin/Disconnect Problems

Hi!I see under the Active Directory tab that the AD Connectivity status is suddenly set to Disconnected.But if I click the Test Connection button, the result comes back Successful.So then I'm stuck....Is there a way to rejoin the ACS into AD?I have d...

NAM and "unprotected identity pattern" not working as expected

Hi,I'm trying to test such 802.1x wired environment:windows xp sp3 as supplicantwindows NPS as radius server 2960 as authenticatorlatest anyconnect (3.1.01065) + nam and standalone profile editorI have a question:Could someone explain me the differen...

Rejected ACS local-certificate with surrogate CA

I'm going crazy because of clients rejecting ACS certificate.I have deployed successfully one ACS 5.2 in a HQ with EAP-TLS and PEAP and everything is working fine. There is only one main CA.Problem is while deploying another ACS 5.2 against another A...

Resolved! Cisco Secure Services Client v5.1 for Windows 7

hi all,i'm trying to download CSSC v5.1 for windows 7 but can only see support for vista.will the vista version gonna work for a win7 machine?

ISE NFR Allowed protocols

Hi all,I am trying to configure ISE NFR (installed on vmWare) - I had to start from the only available NFR version 1.0 - so I first made upgrade to version 1.1.1(acording to release notes there should be no problem with stright upgrade) then applyed ...

Resolved! Machine Authentication not working after workstation unattented ovr night - ISE 1.1.1 -

I am running an ISE 1.1.1 patch 2 and authetntication Windows XP machine using PEAP authentication with both user and machine authentication. The issue is that when a machine is powered on the machine authentication processes fine and the user authen...

Fail to edit ISE inline posture node after success register from Primary Node

Hi all, would like to ask what this error message mean? It appear after i successfully from primary node to register the inline posture node.thanksNoel

Network Access Control

Forum Posts

New ACS appliance not showing FQDN hostname in GUI

ACS 5.3 Patch

IDFW AD Agent - DC status is "down"

ACS 5.3 Secondary instance logs missing

Resolved! ISE 1.1.1 Windows NAC client posture checking loop

Replacing client IP by RADIUS attributes using a WLC

ISE 1.1.1 - RegisteredDevices Identity Group

Problem with work group bridge authentication with ACS 5.x

ACS v5.2.0.26.3 - AD Join/Rejoin/Disconnect Problems

NAM and "unprotected identity pattern" not working as expected

Rejected ACS local-certificate with surrogate CA

Resolved! Cisco Secure Services Client v5.1 for Windows 7

ISE NFR Allowed protocols

Resolved! Machine Authentication not working after workstation unattented ovr night - ISE 1.1.1 -

Fail to edit ISE inline posture node after success register from Primary Node

Cisco ISE posture policy match orders

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Default Route SGT

PX Grid Connector and Service NOW

ISE Posture: secure client stops posture synchronization

Impact of Resetting ISE Context Visibility on Endpoint Connectivity

Cisco ISE posture for Wi-Fi is stuck on Action Needed

ISE pxGrid client/server certificate creation and renewal

not able to export scheduled reports to repository

Mac Authentication Bypass (Credential Failure)