Network Access Control

Cisco DNAC, ISE, and WLC Deployment without SDA

We're about to deploy Cisco DNAC, ISE, and WLC across four sites, and we would love to tap into the collective knowledge of this amazing community to gather suggestions and tips for enhancing our architecture.Here's a brief overview of our deployment...

Cisco Secure ACS integration issue on Cisco router

Good Day,Please help me with my Cisco ACS integration issue. I already configured ACS, but when im trying to configure AAA on cisco router and try to login to the router remotely using telnet, i can't login with the credentials that i created on ACS,...

cisco catalyst 2960x is it IBNS 2.0 compatible?

im having problems creating classs-map, policy-map and im getting fo example: Command deprecated (authentication event fail action next-method ) - use cpl config so is ther something special that i dont know or is imposible to use IBNS 2.0 with this ...

Resolved! ISE 2.7 Clustering Issue

Hi Team, I have a total of 4 ISE nodes on a VM medium size. Previously, it was on 2.3 where we are facing multiple issues. Recently I migrated that server with the fresh installation on version 2.7 patch 9 on a newly created VM host using ISO image. ...

Resolved! EAP-TLS Computer Authetication Failing

Hi, I have configured ise to accept both machine and user certificate authentications and mab device management.The user and mab certificate authentications are working properly, so both the ISE, switch and supplicant side configuration of the pc are...

802.1x Fails with some 8841 phones and not others.

Cisco Unified CM AdministrationSystem version: 12.5.1.13900-152Why would 802.1x keep some phones from registering with call manager?I connect Cisco 8841 telephones to Merakis where 802.1x is enabled on the phone and on the Meraki.Authentication works...

Resolved! What Ise Radius template to use?

Hello, i'm deploying an Ise environment and i'm guessing what Ise Radius template to configure on the switch.I saw a lot of different configuration commands but can't understand where to retrieve them and what's the differences.Is the following port ...

Router/Switch 2 Factor authentication using ISE/TACACS and Safenet/Gemalto token RADIUS service

Hi, I have been asked to look into implementing two factor authentication for device logon to our routers/switches/ASA firewalls using ISE with Safenet (Gemalto) providing the external RADIUS token services. Is this scenario actually possible ? The d...

Resolved! Import Devices into My Devices portal

We are looking to upgrade to ISE 3.1 and we use the My Devices portal for our employees to register their personal devices. Does anyone know if it is possible to import devices and have those devices show up in the users My Device portal? Users log ...

Resolved! MAC- Based Authentication in ISE which license & methods are in use??

I need to know that Can ISE supported MAC-based authentication as per the below request: - If i want to achieve mac based authentication in essential licenses if yes then can I do it? - if i want to achieve mac based authentication in the Advantage l...

Resolved! Cisco ISE 3.1 patch 7 user custom attribute - admin user error

Hi, If i define an user custom attribute and i go and create or edit an admin user i'm getting error: xwt.widget.repeater.DataRepeater._fetchItem(). A record(record id='adminCustAttrRepeater') in your data store does not contain a field named 'value'...

Resolved! Using SGT, which SGT should I use for Internet access

Hi all;Suppose I want to enforce Internet access on ASA based on TrustSec SGTs. In this scenario, which SGT IP mapping I have to create so creating ASA access control list based on that to manage Internet access?Thanks

Resolved! WAKE on LAN with dot1x

Hi all,iam trying to send wake on lan packets from central sccm server,i have edge switches cat9300i configured access-session control-direction inon all ports because i have dot1x configuredon closed ports and open ports, some machines wake up and s...

Resolved! Adding Secondary Admin & Secondary MNT node into the cluster issue

I have a three nodes ISE 3.2 patch-2 environment:ISE1: Primary Admin & Primary MNT,ISE2: PSN,ISE3: PSN,I need to add ISE4 into the cluster and mark it Secondary Admin & Secondary MNT.However, as soon as I add ISE4 into the cluster, both ISE2 and ISE3...

Resolved! cisco NAC solution

My management decided to go with NAC solution for WIRED/WIRELESS user . We have Virtual ISE in my environment, and the version is running as 2.7.0.356.We're using it only for TACACS authentication.If we want to use NAC in ISE, then what are the requi...

Network Access Control

Forum Posts

Cisco DNAC, ISE, and WLC Deployment without SDA

Cisco Secure ACS integration issue on Cisco router

cisco catalyst 2960x is it IBNS 2.0 compatible?

Resolved! ISE 2.7 Clustering Issue

Resolved! EAP-TLS Computer Authetication Failing

802.1x Fails with some 8841 phones and not others.

Resolved! What Ise Radius template to use?

Router/Switch 2 Factor authentication using ISE/TACACS and Safenet/Gemalto token RADIUS service

Resolved! Import Devices into My Devices portal

Resolved! MAC- Based Authentication in ISE which license & methods are in use??

Resolved! Cisco ISE 3.1 patch 7 user custom attribute - admin user error

Resolved! Using SGT, which SGT should I use for Internet access

Resolved! WAKE on LAN with dot1x

Resolved! Adding Secondary Admin & Secondary MNT node into the cluster issue

Resolved! cisco NAC solution

EAP-TLS Device Certificate for Entra Joined Devices with Intune

Posture assessment report never finishing

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Default Route SGT

PX Grid Connector and Service NOW

can no longer ssh into the Primary Admin/Secondary MnT node

NTLM Disabled and ISE-PIC

Impact of Resetting ISE Context Visibility on Endpoint Connectivity

Cisco ISE posture for Wi-Fi is stuck on Action Needed

ISE pxGrid client/server certificate creation and renewal