Hi all, I am using ise 2.4 with windows AD for my environment's 802.1xI am using both user and machine cert authentication. I have also enabled the option "always perform binary comparison" for both my user and machine cert authentication profile. Wi...
I recently worked with a customer that is deploying Juniper EX switches with their existing ISE 2.6 cluster for NAC. We found that the currently available Network Device Profile for Juniper EX switches did not provide the ability to perform CoA actio...
Hi all,I try to understand a concept of the Cisco TrustSec system.On a network, I always used (until now) the binding of SGT to VLAN: this work well.For now, I want to go one step further and to statically bind some specific IP to an SGT.For example:...
Hello,I would like to configure several guest/sponsor portals on my Cisco ISE deployment and use them as a result in authentication policy for guest SSID (different sponsor/guest portal depending on location, WLC etc.). Just to make sure: I can crea...
Hi everyone.I'm working on a project to setup captive network. Therefore, for a user to connect, we redirect them to a login page where the url-redirect=https://example.com/login.html?client_mac=<<user's client mac address>>On the url-redirect config...
I've seen some posts on the forum regarding the use of AAA to login to an ASA in enable mode. I'm using a Server 2008 R2 NPS server, and I can successfully login. However, I'm using the NPS server to send back the Cisco AV-pair for 'priv-lvl=15'. ...
ISE 3.2 patch 3 Windows 10 Wireless supplicant with wlan auto-config running but authentication missing. Has anyone ran into the issue where the Windows 10 wireless supplicants auto-config services is running/auto but the authentication tab is missin...
Hello,We've recently deployed new site and we would like to enable dot1x authentcation on all access ports. The point is that we've got some IoT devices (such as attendance systems and access control) that do not support EAP-TLS or PEAP and do not ha...
Hello,We are in a midst of a POC and one of the scenarios we are testing is if Intune (our MDM) is not reachable for some reason (internet transit problems, problems with Intune itself, etc) and we cannot get a consistent result from the policy evalu...
Created a quick script to help migrate MAB endpoints from one ISE server to a new one. Written in Python and should be cross-platform if the required modules are installed. There are many comments in the source code to allow other users to modify i...
Hi is there possible ISE send RADIUS accounting to another system like Fortigate? in my scenario, we have fortigate at edge block and ISE for dot1x user authentication. we want enable Fortigate RADIUS Single Sign On with ISE as RADIUS Server.
Dear team, we have multiple endpoint configured with DOT1X Authentication and Endpoint passed the DOT1X Authentication. Recently most device which are authenticated moving itself from DOT1X To MAB unexpectedly every morning. Is there anyone having ...
We have SNS-3415-K9 at each branch office and a pair of SNS-3495-K9 at our Headquarters. The branch office servers run policy service persona only, while the 2 HQ servers back up each other and run both the administration and monitoring in addition t...
Hello,has anyone experience in the CP ID Collector Integration?We've a Checkpoint Identity Collector connected with pxGrid 2.0, Client is approved, everything's fine, ISE is connected to AD.But I've no Idea, what to do, to publish Information about A...
Hi Guys,I couldn't find the answer on previous community discussion or webinars, even if I saw one question about it but no one replied.Context : I'm in charge of deploying ISE on our head office network. We are actually in monitor mode, for 30 sites...
