Network Access Control

Resolved! ISE 2.7 dot1x Failure Reason 12308

HEYi have a strange problem when implementing dot1x in my lab environmentmy supplicant successfully authenticate against active directory but still ISE consider the authentication as a failure because the supplicant send resualt TLV message. Event540...

Resolved! Passive ID log off

Hi,how ISE receives notification when users is logged off.Log on is registered as WMI events from the DC.Is there a mechanism to notify ISE about log off event and trigger CoA that will kill the session on the switch.BR Milan

Resolved! ISE in a Hyper-V cluster using Storage Spaces Direct Hyper-V cluster

I want to understand if I can install ISE in a Hyper-V cluster using Storage Spaces Direct Hyper-V cluster, or would I just implement individual Hyper-V instances? The plan initially is to have 4 nodes, two PAN/MNT and two PSN's. There will be loca...

ISE 3.1 Clarification on InactiveDays endpoint attriubute

Hi to all,as far as I understood when profiler service is not enabled InactiveDays attribute is useless in endpoint purge rules since its value is the same of ElapseDays, that is it does not store information about when the endopint has been "last se...

Resolved! ISE configuration and operational backup restore from 2.6 to 3.2?

Does ISE supports configuration and operational backup restore from 2.6 to 3.2 version?

Resolved! Privilege levels and access-lists on Catalyst

I have configure a user in privilege level 5 and I want it to be able to write and change ACL's.config :privilege interface level 5 ip access-groupprivilege interface level 5 ipprivilege configure level 5 access-listprivilege configure level 5 ip acc...

Historical IP Assignments for Endpoint/User Device in Cisco ISE

Is it possible in ISE to see what was the IP assigned in the past to a particular endpoint/user device (like what was the IP device get then after some time or re-authentication, which IP is used)?And how any days of logs we can get from Cisco ISE?

Resolved! Connect 802.1x Device to Non 802.1x Port

Hi, Is it possible for end-user device which the LAN port has been configured with 802.1x EAP-TLS to connect to non 802.1x switch port (the switch port just configured access vlan only without any 802.1x configuration)? Thanks

Resolved! Cisco ISE AD probe

Hi,I'm trying to profile corporate assets without doing any kind of posturing.Was excited about the Active Directory probe but I've hit some limitations. According to some documts the to trigger the active directory probe, ISE must get the host-name ...

Resolved! Inventory of Installed Cisco Secure Client via ISE Console

Hi All, We have deployed Cisco ISE 3.0 Patch 7 for one of our customers. We are using Cisco Secure Client (formerly AnyConnect) for posture checking. Cisco Secure Client has been installed on all endpoints via third party tool "Manage Engine Desktop ...

Resolved! Replacing AD servers in a network with ISE

The server team will be replacing the existing AD servers with new ones shortly. The new servers have been added to the network using new hostnames and IPS and will live side by side the old servers until everything else is confirmed OK at which poi...

3615 ISE

Dears,if i want to do basic 2 redundant implementation, 2 nodes at HQ (carrying all personas) and 2 nodes at DR (carrying all personas). What's the max active sessions? do I need double license count (one for HQ and one for DR) as the Admin persona a...

Resolved! REST API for DACLs Not Accurate

I don't open TAC cases for REST API issues because I don't have the time. I am just posting to see if this is a known issue on 2.4 patch 6. The current policy export XML file doesn't contain the contents of the DACLs (another issue that should get...

Unable to delete profiler condition.

Hi all, I am unable to delete profiler condition, it shows message like this "Unable to delete check. com.cisco.cpm.nsf.api.exceptions.NSFCheckDeletionException: com.cisco.epm.pap.api.exceptions.IntegrityViolationException: Can not delete the rule wi...

Resolved! Force Authenticate/Authorize Endpoints

Hello everyone, I was wondering if there's a way to force authenticate/authorize a specific endpoint (or group of endpoints) using ISE GUI in case of a failure or t-shoot needs. For example, let's say that the CEO's workstation is not passing 802.1x ...

Network Access Control

Forum Posts

Resolved! ISE 2.7 dot1x Failure Reason 12308

Resolved! Passive ID log off

Resolved! ISE in a Hyper-V cluster using Storage Spaces Direct Hyper-V cluster

ISE 3.1 Clarification on InactiveDays endpoint attriubute

Resolved! ISE configuration and operational backup restore from 2.6 to 3.2?

Resolved! Privilege levels and access-lists on Catalyst

Historical IP Assignments for Endpoint/User Device in Cisco ISE

Resolved! Connect 802.1x Device to Non 802.1x Port

Resolved! Cisco ISE AD probe

Resolved! Inventory of Installed Cisco Secure Client via ISE Console

Resolved! Replacing AD servers in a network with ISE

3615 ISE

Resolved! REST API for DACLs Not Accurate

Unable to delete profiler condition.

Resolved! Force Authenticate/Authorize Endpoints

Guest Portal authentication behaviour

Posture Script Condition–Fails to Connect When SHA-256 Fingerprint Add

Is it possible to use "PostureOS" attribute in ISE Profiling Policy

Upgrading ISE-PIC for FMC

Posture status changes to 'unknown' with no apparent reason

custom FQDNs for Guest/Sponsor Portal

ISE reimage using CISM

Cisco ISE in Entra ID

Windows Defaulting to EAP-TLS Instead of PEAP for Non-Corporate SSID

enabling MFA for identity users