Hi all,i'm facing some problems with DHCP snooping config. The scenario is the following. An IP phone is attached to the Catalyst 3650 switch. The switch has a SPAN port that has as source interface g1/0/46 (interface to which the phone is connected)...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
Forum Posts
Hello team, We have a customer who doesn't have WSUS and would like to check for critical windows patches. I'm doing a check through the WUA (windows update agent). But, this flow is not working well, because AnyConnect takes a long time to check a...
Resolved! ISE TLS 1.0 Report
Hi All, is there any way I can see what users are using TLS1.0 and export that to excel? or maybe if there is an API that can report that? reporting
Resolved! ISE and Windows drive mapping scripts
We are using ISE authentication and posture assessment for VPN and wireless and need to figure out a way to have the drive mappings script run after posture assessment is complete and successful. I know AnyConnect can run scripts but has anyone done...
I have an ISE environment that we use for Tacacs, we are running version 2.6. The issue that I have is that for whatever reason, someone renewed the production TLS certificate on the primary admin node but didn't update the other nodes. So now wh...
Hello,In my environment, Cisco ISE 2.2 is being used as the RADIUS authentication server for a WLAN that uses WPA2 and 802.1X for authentication. On Cisco ISE, Network Access Users have been created for the users using that WLAN who basically use a U...
On an ISE deployment that is running TACACS for access control of network routers and switches, is it possible to get the IP address of the user end-stations to display in the details of live logs? ISE 3.1/operation/TACACS/live logs/you can see that ...
Hi,Would anyone know if it’s possible to download older versions of Cisco AnyConnect from Cisco directly? For example I’m looking for version 4.5.0.We have an SRX with an old firmware that can’t be upgraded, and there’s a known DHCP addressing bug w...
I have an ISE deployment with 2 PANs and 2 PSNs. Primary PAN, node A, had to be replaced due to hardware failure. node B was promoted temporarily so I can continue to manage ISE. I need to install the wildcard cert back on the new node A and promo...
Hi all,i'm struggling with an authentication related problem. I have an IP Phone (Polycom VX201) that connects to a contact center to download its configuration. Inside this config, there is the 802.1X supplicant credentials (username and password). ...
HiWe are using Cisco AnyConnect with posture check via Cisco ISE. Now we want to run some Windows scripts for AnyConnect users post connecting VPN and completing posture check. Please guide how we can configure ISE to triggers script with COA. Regard...
We are trying to control devices through MAC authentication in ISE. Department MACaddr Endpoint Identity Group Policy Sales aa:aa:aa Sales Group 1.1.1.0 Permit Marketing bb:bb:bb Marketing Group 2.2.2.0 Permit ISE does not use user identity...
Resolved! ISE 3.0 Guest Portal doesn't work
Hi, I have a ISE 3.0 on an ESXI. In last two days the guest portal is unreacheable and I receive an error also if i try to open the url portal test. I have the same result if I try to open also the other default portal. I tried to reload the device ...
Hi, We have a two node ISE deployment and the primary has admin and policy and the secondary has monitoring and policy services. recently after we have upgraded to ISE 3.1 from 3.0 we are experiencing random application server restart on the primary ...
Hi, In a Trustsec environment where devices within the same VLAN are not allowed to communicate, layer two traffic like ARP would be also blocked, right? This approach would allow us to have larger subnets without the caveats of the increase on the...
