Resolved! switch to the secondary PAN node
Hello.Is there any way to automatically switch to the secondary PAN node if the primary PAN node crashes? This usually has to be done manually.Thanks!
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
Forum Posts
Resolved! Cert Authentication Profile in ISE
Hello Greg, If I want to use below condition of cert like Common Name and OU what will be CAP Auth Profile config ? Specially Use Identity From Field in CAP ? I think I should only use Subject ? which will cover CN , OU. @Greg Gibbs
Hello Greg, @Greg Gibbs If User Device is Entra Joined and Users are Entra Joined and AD Joined in other words Hybrid is this use case is tested with ISE ? Is there a reference document you can share ? If users are Hybrid joined can we still do NAC ...
We have encountered an unexpected issue. Despite trying various troubleshooting methods, we have been unable to identify the root cause. We would appreciate expert guidance and recommendations.Problem SummaryWe are experiencing an issue with Cisco IS...
Resolved! ISE API - Endpoint Attributes
Hello,I've been poking around at the various ISE APIs including exporting endpoints via context visibility (CSV file exports) and not finding a way to export the endpoint WITH the inactivity days attribute. We have devices that the users may not tel...
Hi All, I am working on an ISE deployment and I am considering enabling the posture state synchronization at the end of the deployment. From what I have read about the feature, it seems like it can be helpful but I also have some concerns about it. M...
Hello, I am configuring 8021.x Radius for Windows 11 Users, and I have integrated ISE 3.4 with Domain controller 2025 by using AD and LDAPS method and both integrated successfully, however when I use AD method then windows clients successfully auth...
Cisco Guest Portal is not working when internet is not working. But my guest portal is hosted in Cisco ISE (PSN) which is internal and DNS server as well.
Dear All, We are using ISE version 3.1. Users are accessing the internal network via wireless connectivity on WLC 9800-L version 17.9.4. We have configured a posture lease (1 day), enabled LSD, and no PRA. Here's the issue: Users are randomly trans...
I configured posture policy which use (windows 10(all)) as operating system criteria. and all posture conditions using windows 10 also. but windows 11 PCs still be scanned for posture. Note : posture requirements still in audit state. Can someone exp...
Resolved! ISE Patch Question
I have a 4 node deployment - I plan on patching the via CLI and start with the PAN first - PSN Second and the Sec PAN third, but when the below question is presented do I need to say no in order to continue patching the remaining nodes individually?...
Post 3.4, patch 4, Replication stop between PAN and PSNs, error, Jediss replication failed, CLI access issue-error failed to connect to the server. throwing an error in the debug log : Error, Failed to connect to server, could not connect to test-ise...
ISE Upgrade Incident SummaryOverview: ISE 1 and ISE 2 were upgraded from version 3.3 to 3.4. The upgrade did not go smoothly because the upgrade on ISE 2 failed partway through.Timeline and ObservationsPre-upgrade: The bonded interface for Gi0 was do...
Hello!We tried to upgrade our ISE 3.2 on VMWare (patch 3,4 and 7) to 3.3 using the upgrade bundle, but got the same result:the appliance becomes a brick after reboot, which is included in upgrade process. No logs are available after that reboot, and ...
We are trying to make auth work in Grafana via Cisco ISE and RADIUS protocol through OAuth, and we have managed to get this working by using Cisco AV-Pair dictionary attributes. In order to granularly authorize access to differnt dashboards, I need o...
