Hello community, I have a basic and initial network configuration for 802.1X based authentication where an endpoint basically needs to authenticate with the CISCO ISE via Active Directory.The authenticator switch is a CISCO 3650 and the endpoint is a...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
dear cisco community can someone please explain to me the below scenario.we have polycom IP-Phones connected to our network, we used profiling to authorize the phones.most of them works fine, but some of them shows as (15039 Rejected per authorizatio...
Hey guys, Good day.I have some vendors and some 3rd party users in my network but they are not in my Active directory but some of those users access network using VPN, but after deploying ISE can I somehow bind the MAC addresses of vendor's laptop, a...
Hi,We are new to ISE and trying to establish a FTP connection between cisco ISE and FTP-server over a network.The device where my FTP reside is not directly reachable to ISE but Natted. On ISE, when creating repository, we are using NAT IP address as...
Hi all I'm currently trying to upgrade my two physical servers from ISE 2.7 Patch 4 to 3.0 with the file ise-upgradebundle-2.4.x-2.7.x-to-3.0.0.458.SPA.x86_64.tar.gz. When doing that in the web interface I get the very weird error: Please select Up...
running 2.4, upgrading to 2.7. i was able to download ise-upgradebundle to secondary node, but when i try to download to primary node using the same Repo I get the error: "The selected bundle is NOT found in the repository; select a different one.'. ...
Resolved! Cisco ISE license migration
Hello, help needed, if possible.Cisco ISE deployment has “R-ISE-VM-K9=”, “L-ISE-BSE-500=” and “L-ISE-TACACS=” licenses that ends by contract in August and September 2021. End of Support for these licenses is February 28, 2022.Cisco ISE version is 2.2...
Resolved! Network Access - Limiting Access DHCP
Hi all, hope to find everyone wellI have several 3650 with two ports configured for DHCP for the management VLAN. If a computer connects on those ports an IP address to this vlan is given and the PC is able to access the entire network. My question i...
Resolved! ISE PROFILING FOR GUESTS
Hi Everyone, I have a query based on profiling.When I check live logs, I see guests being listed as unknown under endpoint profile. Is there a way to create endpoint profile for guests ? Thank you in advance
Resolved! DHCP Snooping for Device Senor Profiling
Good morning experts,I have a question in regards to DHCP snooping as I understand this feature must be enabled for the Device Classifier. So here we go...We have a couple of branch locations that utilize a router-on-a-stick design. Basically we ha...
Hi All, We have a software issue where a certain type of vendor device randomly starts using an incorrect source MAC address. A manual port-bounce cures the problem...and afterwards the device types uses the correct source MAC address. So I'd like to...
Resolved! ISE Smart Licensing Proxy Connection
Hello, I want to upgrade a Test-ISE from 2.7 to 3.0 and I think first I need to convert to Smart Licensing, this is right?when I want to register to Smart License I can use a proxy, but the proxy address is http://webproxy.company.int:8080 and if I w...
Hello all,I have set up a demo lab and am trying to learn how best to secure ISE. Now I am wondering how to secure the access to the Sponsor Portal.I use interface 0 I for management. Interface 2 and 3 I have bundled for the data. If I would manage t...
Is it correct that DHCP snooping is used by IPDT feature specifically for having IP address information in the RADIUS access session, but not for Device Sensor based dhcp profiling (RADIUS Accounting based)? In other words, is switch DHCP snooping re...
Resolved! C9300 - Radius dACL question
We are implementing dACL with RADIUS on a C9300 switch with IOS 16.9 Our configuration seems to be correct and we have the inbound dACL working on a switchportCisco-AVpair = "ip:inacl ...." But the outbound acl is not applied or rejectedCisco-AVpair ...
