Is anyone doing IBNS 2.0, or is everyone sticking w/ the legacy "authentication" commands that have been available like forever?We're looking into IBNS 2.0 to take advantage of its critical ACL feature that's not available in the legacy auth-manager ...
Hi Guys, I'm installing ISE 1.2 on the network and when testing with few machines, some of them reported "errdisable" status on the port after applying the .1X configuration. The config for the port I have is:switchport access vlan 10switchport mode ...
Hello, everyone!Can someone explain how the switch decides whether to use the primary or secondary PSN when sending Tacacs or Radius authentication requests? It depends on how the switch is configured or something else.Thanks Thanks
Hello,As part of a project, I need to implement 802.1X within my company. Therefore, I have set up a physical lab consisting of 2 switches and two PCs:- Two Cisco Catalyst 2960 Series switches with Cisco IOS® Software, Release 15.0(2)SE5- PC with Mic...
Hi, on ISE 2.7.0, would it be possible to get a report of the number of active devices on Cisco ISE in the last 30 days?The report should indicate the maximum number of devices seen/authenticated for each day.I tried on the available default reports ...
Dear Community Support.1. I have a need for only a Wired NAC, no wireless or Mobile Device Management. I am trying to understand /clarify what licenses I need to procure.2. I will be deploying two PAN Nodes in a central Data Centre - Primary and Seco...
Hi Cisco ISE admin folks,is there a way to force users to use LDAP insted of local users, as long as LDAP can be reached?How are you enforcing this? (*) I see that this policy can be specified in the web GUI, but there is also an option in the CLI wh...
Hi all;Based on the following discussion, we can assign 0.0.0.0/0 to SGT Unknown (0/0000) for Internet traffic (any traffic that does not have any explicit assignment):https://community.cisco.com/t5/network-access-control/using-sgt-which-sgt-should-i...
I am getting the error below when trying to configure WMI. I almost get a similar error if I try to deploy the agent instead, i.e. remote copy failed to set credentials. I am using a domain admin account and I didn't see anything obvious when I tur...
Hi ExpertsRecently we upgraded Catalyst c9200-48P to 17.9.04a which is the recommended version.But the strange is that it seems the radius authentication failed when login to SSH by Putty.Before upgrade, it is working, when login by an AD account, it...
We currently have ISE- 5 node cluster with 2 node for PAN and 3 nodes for PSN and currently running 2.4 version.We need to upgrade to 3.1 which is currently the suggested stable release.All integrations like AD, SMS gateway etc are active on the curr...
Hi All,I have started building policy sets in ISE w.r.t wired 802.1x and mab in ISE and have configured switch for the same. But couldn't make the auth success.Switch logs:-*Feb 21 10:47:54.751: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication ...
Perhaps this will save anyone out there some frustration when using ISE 3.2 or later. The BU decided to rename a bunch of commands that were inherited from the classic Cisco IOS world, and which are deeply ingrained in our brains. It caught me out an...
Hi all,I am in the process of configuring corporate WiFi with the following setup:ISE 3.1 with a premium license, and a WLC Catalyst 9800-LWindows 10 laptops joined to a domain, featuring duo authentication without user certificatesThe laptops are eq...
When client joins network for a first time, we get "Radius session not found. Please contact helpdesk for assistance". After turning WiFi of the device Off and back on, everything works fine. We are running 17.11.1 on WLC9800 and 3.2 patch 4 on ISE
