Network Access Control

Cisco Access Control Server (ACS), Identity Services Engine (ISE), Zero Trust Workplace
Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Forum Posts

Resolved! ISE with LDAP using PEAP or MSCHAPv2

Hi Team,I have a customer using LDAP and RADIUS using PEAP and MSCHAPv2 protocols.They are evaluating ISE but, using ISE with LDAP is not supported PEAP or MSCHAPv2.The customer is asking us for a reason,  what is the reason why ISE does´t support th...

gugonza2 by Cisco Employee
  • 9 replies
  • 0 Helpful votes

Resolved! ISE 2.4: Can you configure multiple "CRL Distribution URL"s per trusted certificate?

Hi everyone, If I'd like to check more than one FQDN for a CRL prior to authenticating a trusted certificate, is this supported? As far as I can tell the documentation doesn't define this field as a list but as a single URL.  Example:  myCDP1.mydomai...

Nadav by Rising star
  • 3 replies
  • 0 Helpful votes

Resolved! Cisco ISE - all switch ports blocked after disconnection and re-connection

Hi Everyone (long time reader first time poster), I have a Cisco IE4000 (actually a Rockwell Stratix 5400 OEM switch but they are hardware & IOS identical for purpose of this discussion) setup with RADIUS and TrustSec connections to an ISE server (ru...

Resolved! Switching VLANs Required in ISE CWA with Flex Connect local switching?

  ISE CWA with Flex Connect local switching.    With this configuration does the client start off in one VLAN and then get switched to the local VLAN on the AP? I expect AAA override and CoA would be part of this? How does the client handle the re-dh...

Dan Davis by Cisco Employee
  • 1 replies
  • 0 Helpful votes

Resolved! F5 ISE integration

We have a customer who has F5 and PSNs in LTM mode but are doing an SNAT for incoming radius traffic hence all radius requests appear to come from the F5. This is because F5 and PSNs are separated by L3 and are not physically inline.    However it is...

umahar by Cisco Employee
  • 1 replies
  • 0 Helpful votes

Resolved! ISE 2.x - How to get Endpoint custom attributes in a single query

It's possible to query and get a list of endpoints in a given Identity Group: curl -k --header 'Accept: application/json' --user xxx:yyy https://omf-01-ise01:9060/ers/config/endpoint?filter=groupId.EQ.12abb870-295a-11e9-aed1-76f66f54fcc8 However `cus...

Resolved! Endpoint hitting correct rule in live Log, but shows up incorrectly in Conext

I have been trying to properly profile devices and get them put into specific rules instead of the last rule. My last rule is called 'Closed_Mode'. I want the endpoint to hit the AuthZ rule 'Global..SJ_Computers'. it appears to hit the proper rule in...

Capture1.PNG Capture2.PNG

Resolved! Get HTTP User-Agent with URL redirect where endpoint doesn't see webpage

I really want to get the HTTP User-Agent attribute on my endpoints. I understand that the only ways to do that are URL redirect or SPAN. I don't want to do SPAN.  But using the URL redirect doesn't really seem to work for me either because I don't wa...

Resolved! ISE Posture Condition

Hi, Can I have a posture condition for the following in ISE 2.4/2.6? Cisco Umbrella agent in installed and runningQualys agent is installed and runningPlease note - requirement is not for pxgrid integration of qualys or umbrella, only for posture che...

rajeshp20 by Beginner
  • 1 replies
  • 0 Helpful votes
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: