Network Access Control

Is anyone familiar with a way to centralize the reporting of TrustSec events on switches and routers? Specifically SGACL drop messages. Our network topology consists of around 150 switches (mostly 9200/9300s) and 100 routers (all 4331s or 4431s). Rig...

I am currently working on standing up a new ISE 2.7 instance side-by-side with our older 2.3 instance. Both instances profiler feeds stopped working after 3/17/2021.  The errors I'm getting are below. 2.7 patch 3Feed Service error : null**Please ensu...

Hello, Is it any way to configure ISE Posture Policy (some conditions) that ISE analyzes user level of priviliges on remote computer (on computer from which he trys to orginize anyconnect VPN connection)?If user has priviliges of administrator on rem...

Is there any way to configure  some authorization policy on ISE in which you can define a whitelist of remote devices that are allowed to build VPN. As an option, obtaining a some unique id from a remote device. The method with certificates is not su...

I would like to use an endpoint custom attribute to trigger the network access a device has.  So as an example if I have a device that has a endpoint custom attribute of Display, I would like to use that as a condition to assign a specific DACL or vl...

Hello Does anybody know if there are any recommendations or if someone have experience with migrating ISE servers from HyperV to Vmware platform?I'm courious about first option, I know second can be done. 1.  option:Backup ISE virtual machine with ve...

We have 2 PSN nodes for client auth. All works on PSN1. When PSN1 is offline auth is directed to PSN2. All clients then fail to authentication with the following error. cisco endpoint started new session while the packet of the previous session is be...

Hi,I found a few discussions about the subject but I'd like to confirm. My idea (for wireless connections) is to use machine auth before user logins and user auth after login. I configured machine group verification as a first step and "was machine a...

I have an OLD ACS 1121 appliance, anyone know if I can apply its license to a Virtual machine?

Hi All, What will be the service impact if Sponsor Certificate expired. Im using Guest, BYOD and Posture services.My Apex and plus license is expired 90 days back still will i get self signed(CSR) from ISE or first i need to get the licences renewed ...

Hello, We have certain teams that have very limited ISE GUI permissions for both Menu and Data. The purpose is to give them as simple an interface as possible but enable them to add/edit/delete endpoints that will have access to their specific networ...

Hi Guys,I am experiencing some issues that for some reason my user certificate is not able to use for 802.1x authentication even though my user certificate usage is set to Client Authentication.Are there any permissions needed in the AD/GPO for the u...

Hi All, Can someone please help with the difference between signed and CA certificate to be used in cisco ISE. I think for all the nodes in the deployment must have admin ,EAP  authentication certificate for replication and radius authentication.is i...

Hello, When trying to lanuch anyconnect profile editor I see this error  "Failed to load Main Class: com/cisco/acprofile/AcProfile" I tried on latest anyconnect version and older same error