Network Access Control

Resolved! ISE downgrade from 3.0

Hello, recently we purchased a couple of the new ISE 36XX series appliances and they come with ISE3.0 from factory. We need to downgrade them to 2.4 to run some testing before going to 3.0. Is the only way to downgrade is to run process from CIMC?

Resolved! Authentication violation - Shutdown - not shutting down the port

Dear community, I have enabled Cisco ISE MAB in a port as following: interface GigabitEthernet1/0/8switchport access vlan 2switchport mode accessswitchport voice vlan 3authentication order mab webauthauthentication priority mab webauthauthenticatio...

Resolved! ISE Installed base upgrade after upgrade inside CCW-R

Hello,I have a question regarding customers with legacy virtual machines (R-ISE-VM-K9=) and old ISE licenses like: L-ISE-BSE-3500=End-of-support for both is 28th of February 2022. This is clear.If the customer has active service contracts, the VM war...

Resolved! ISE and CoA

Hello, When I modify an endpoint custom attribute in ISE (thru the API) (MAB authenticated), the "authorization profile" change, but not the "endpoint profile".I need to do a clear session for the endpoint on the switch on which the endpoint is conne...

Resolved! Cisco AnyConnect Upgrade with Posture check on ISE

HiWe have Cisco AnyConnect VPN solution with posture check on ISE. For this posture compliance module is pushed via client provisioning portal from ISE. Now we are planning to upgrade Cisco AnyConnect VPN + posture client. But when we push new AnyCon...

SXP between ASA and ISE fails

Guysi need advice with subject. ASA runs 9.12.4(10), ISE is 2.1 latest patchthings before SXP setup:1) ASA was configured for CTS & it was prepared on the ISE as NAD. ASA has been successfully able to fetch SGT from ISE. config on ASA:aaa-server ISE...

ISE Internal user disabled

I am running around a strange issue. My ISE internal users gets disabled automatically in 24 hours. All the users are TACACS users. They change the password from a network device and it works, but after 24 hours the same user gets disabled. This user...

Resolved! Admin account of ISE CLI has issues with credentials

Hi , We have a set of 5 nodes in our deployment and we are facing issue while logging into their CLI via "admin" credentials. Error : "Access Denied". Note : We are using the correct password configured for the admin account and which was changed in ...

5400 Authentication failed - ISE - Happening Randomly to users

Hi,Would appreciate if I can get some tips or ideas on what the issue might be. Seems that users do get an IP address as they cannot be authenticated. Looks like it might be between ISE and Active directory, however so far have not found the exact pr...

ManageEngine Asset explorer can't discover Cisco ISE appliances

I'm using ManageEngine Asset explorer with SNPM V2 to scan the devices in my network, but unable to detect ISE appliances for some reason, even though SolarWinds Server is able to discover ISE using SNMPV2, Why is this/ could it be a compatibility is...

Resolved! Looking for a Cisco ISE configuration to work with Microsoft Intune

Hey everyone, Looking for a configuration guide or best practice setting for Cisco ISE policy to work with Microsoft Intune using EAP-TLS. Thanks!LN

Resolved! Using Azure AD to authenticate guest portal users

Hi Guys, is it possible, in your opinion,use azure AD to authenticate guest users (with portal?)I would like to implement a guest wifi (open access) for internet access where:- guest are sponsored- employee use their azure credentialsIn case can you ...

Resolved! After upgrade to ISE2.7 old Catalysts stop RADIUS authZ priv-lvl=15

Hello, please look at the debug output which caused Authorization failure for users with priv-lvl=15 setup.ISE doesn't see any problem and sends av-pairs to switch, but Catalyst does not allow authorization.What changed to the RADIUS from ISE 2.6 to ...

Resolved! Cisco ISE custom command set for WLC Monitor

Hi Experts - Looking for urgent assistance on configuring Cisco ISE Custom command set for WLC. Question is : How we can configure RO access on Cisco ISE with custom commands through CLI for WLC devices. Like we do for router and switches. I have al...

Resolved! Using CHAP with TACACS

Can we use CHAP instead of PAP for device administration. If yes, how we can configure ACS/lSE to achieve this?

Network Access Control

Forum Posts

Resolved! ISE downgrade from 3.0

Resolved! Authentication violation - Shutdown - not shutting down the port

Resolved! ISE Installed base upgrade after upgrade inside CCW-R

Resolved! ISE and CoA

Resolved! Cisco AnyConnect Upgrade with Posture check on ISE

SXP between ASA and ISE fails

ISE Internal user disabled

Resolved! Admin account of ISE CLI has issues with credentials

5400 Authentication failed - ISE - Happening Randomly to users

ManageEngine Asset explorer can't discover Cisco ISE appliances

Resolved! Looking for a Cisco ISE configuration to work with Microsoft Intune

Resolved! Using Azure AD to authenticate guest portal users

Resolved! After upgrade to ISE2.7 old Catalysts stop RADIUS authZ priv-lvl=15

Resolved! Cisco ISE custom command set for WLC Monitor

Resolved! Using CHAP with TACACS

UserPrincipalName not showing in ISE Log for certain user

CISCO NAM installation by iso generated by System Center

can i USE 2 CISCO ISE posture policy in same time with 2 Anti malware

High Response time for Entra ID TEAP with ISE

Cisco C9200-M Meraki agent posture support - ISE integration

Cisco ISE PAN License

Only allow enable, show commands, no config allowed, cant make it work

Invalid Request error on GUI login - suspecting MnT Restriction issue

ISE VM Smartnet

ISE 3.5 requests for SMB Version 2 from Active Directory