I'm trying to get additional profiling data into ISE so things like macbooks don't show up as "Free-BSD". It looks like ISE depends heavily on the "User-Agent" http attribute for the apple related profiles. Access switches are 3650's. ISE 3.1. Dot1x ...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
Forum Posts
Folks,I needed some suggestion on Policies getting applied when the 802.1x authentication kicks in vs Initial Boot by a system.Our policies say that once the 802.1x authentication succeeds allow the machine to get authorized on the "Employee VLAN". T...
Resolved! ISE - Passive Identity Connector
Context Directory Agent (CDA) only supports Windows 2008 and Windows 2012 and it doesn't support Windows 2016.Our vendor said ISE - PIC (Passive Identity Connector) can be used to replace CDA and ISE -PIC supports Windows 2016Does anybody try to use...
Resolved! CDA Alternative
Hi all I was planning to configure the Cisco Context Directory Agent (CDA) so we can use AD Groups in the ASA Firewall access rules, but our Active Directory servers will be upgraded to 2016 this year and CDA does not support this OS Version. It doe...
Hello All,Recently found there are lots of VPN anyconnect user authenticated last year but halted in ISE live session, and occupied more base license. Actually, the users had dropped on the ASA devices, but still see active live session on ISE.I trie...
I am running ISE 3.0 Patch. I have a SecureX Remote gateway deployed into my environment to be able to facilitate connections from SecureX. I installed the latest Workflows from the My Exchange in SecureX Orchestration, specifically the ISE - Quara...
On a Meraki AP (MR42) running MR.25.11 firmware that has been configured in VPN: Tunnel Mode to send all traffic to an Meraki MX appliance/concentrator which authenticates to ISE 2.3 patch 5. We are seeing after ISE receives an Accounting-Stop (Termi...
is any there information available of how to optimize the search base for LDAP in ISE?
Hi, The switch 9200L, 17.06.04 has 802.1x enabled. I noticed in the logs that sometimes the 802.1x doesn't finish correctly and the log on the ISE says: 5440 Endpoint abandoned EAP session and started new, the switch log is: %DOT1X-5-FAIL: Switch 1 R...
Running ISE 2.7 patch 7. Question: I have a device that was previously connected to a 802.1x SSID and directly assigned to the endpoint group = unknown, later I manually assigned it to an endpoint group = testing. So my question is: If I have device ...
We have a deployment with 7 nodes, 2xAdmin, 2xMnT and 3xPSN and did a CLI patch install from 3.1 patch 3 to patch 5.We were able to successfully install patch 5 on the PAN first and then the 1 MnT, but ran into multiple problems when we tried to it o...
I have a question regarding MAC-spoofing in an 802.1X solution. Let's say I have the following deployment: Authentication server: Cisco ISEAuthenticator: Cisco Catalyst 2960XEAP-method: EAP-TLSSupplicant: Single PC on a wall-outletPeriodic re-authent...
Resolved! ISE live logs not logging after patch
Hello On ISE 2.3 VM and after installing patch 1 the live logs tacac or radius are no longer updating. all authentications still works but no logs, also system summery dashboard show No Data Available for all nodes. Did the patch break something...
Hello, I have question regarding of MAC address spoofing vulnerability, of already authenticated clients. Lest say in my deployment I have, Cisco ISE and Cisco Cat2960X switches, and clients are authenticated by 802.1X EAP-TLS. And periodic re-authe...
- FYI : https://www.cisco.com/c/en/us/products/security/identity-services-engine/policy-access-control-demo.html M.
