Network Access Control

Hi,I have two ISE VMs and am thinking of deploying them as a "split deployment".  Which as per my understanding places the two nodes in an Active/Active HA pair. So basically I want PAN, PSN and MnT personas to be running on both nodes and should one...

FireEye version 34 has been out since November.  The ISE posture updates are still only showing FireEye version 33 as the max.  What is the normal turn around time for the posture updates to reflect a new version?   Thanks

Hello ;actually, I'm setting up wireless authentication On cisco ISE 3.0 with 802.1X MS-CHAPv2 and MAB, but it's not working.my objective it's authenticating users based on the username/password and MAC  for this I apply it to the authentication Poli...

Hi, is there a way to prepare some reporting for managed iPSK endpoints including the expiration date for example? I'd like to be able to check for the endpoints that will expire and prolong the time in advance. Can the iPSK manager somehow inform th...

I am going to upgrade virtual ISE in HA running all personas to 3.1, and in regard to this I have a few questions.  I have done quite a bit of reading on the subject but would like to get the community's thoughts and recommendations on this topic.My ...

Hello,I'd like to know if it is possible to create a read only user account to access FTD 2130 using FDM (I don't use FMC)I have tried to create a user by CLI: config user add xxx basicThis user account can only access the device via SSH but came out...

We deployed ISE 1.4 to wired network and are using windows native 802.1x supplicants to do both user and machine authentication. The problem is when we RDP into the PC that are connected to 802.1x enabled switch ports, connectivity issues, and sessio...

Hi all, I am trying to work out why i am not getting alerted via email when an alarm is triggered in ISE. I have global alarm email addresses specified.On specific alarms i have multiple email addresses. (My understanding when this is done it overrid...

Hi all; Unlike to Cisco ACS that we can simply add RADIUS attribute 28 (idle-timeout) to a authorization profile, by default we can not find this attribute in Conditions Studio, but ISE provides this attribute in Policy > Policy Elements > Dictionari...

Hello gents and ladies, We received a new ISE server 3655K and will be deployed soon.  Before we deploy I have a couple of questions and hoping someone may have faced the same issue:1- Can we use fiber connection on 3655K (Port 0 and Port1)2- Can we ...

Hi, all Just want to understand some basics. For guest/contractor access using ISE CWA, does the guest VLAN has to be reachable or routable to ISE? My understanding is as long as the NAD device, that is the authenticator (either AP or WLC), could rea...

Are nested (indirect) AD groups - supported by ISE >=2.7 ? I want to check group membership in TACACS+ authorization. Answers of people who already verified this fact are welcome  

Hi All, I would like to understand a Cisco best practice in Profiling design guide. In the design guide, there is a Cisco best practice talking about the default authorization policy. https://community.cisco.com/t5/security-documents/ise-profiling-de...

The ISE Primary does not have the Enable Profiling Service checked but it is checked on the secondary. However, it is greyed out to make any changes. Is there a process to follow to keep have them unchecked for both primary and the secondary? These a...