I am wondering if there is a way to send additional attributes from a Cisco 9800 WLC to our ISE server so that it can accurately profile a mobile endpoint? The issue is that I have mobile devices, for example an iPhone, that an employee is using thei...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Hi, due to security proxy restraints for the past year 1 I have been downloading posture updates approx once a week from this URL https://iseservice.cisco.com/ise/posture-update.xml this provides you a XML file which you can download and apply to you...
Resolved! How Essentials License work in Cisco ISE
Hi, I have ACS5.8 in my network with 500 devices license installed to it. As ACS is out of support now and we would like to move to ISE in next few months. I am wondering about How Essentials License work in Cisco ISE. Do we need to buy essentials li...
Resolved! Updating endpoint custom attribute using ERS causes ISE to perform reauthentication on ISE 2.2
Hello, We came across an issue that a profiled endpoint lost its profiling after its custom attributes were updated through ERS.In the body of the API call I had only included the mac address and a couple of custom attributes.I don't have full detail...
Ideally I'd like some sort of alert if a defined Network Device suddenly stops retrieving CTS environment data / policy. But I'd settle for being able to schedule a report to send out on expired PACs as a start. I know you can manually go to Administ...
Hi Experts,ISE: 2.6.0.156, standaloneThis is the first time that I have integrated ISE with a syslog server and everytime I login to ISE using one of the internal users, I get this message in syslog: Administrator-Login: A SSH CLI user has successful...
We are using EAP-TLS with MIC certificate for IP phones to be authenticated on wired dot1x. And have configured MAB as a fail back mechanism with dot1x having higher priority/order. Below is a snip from interface config However, we have encountered ...
Resolved! asa or cat switch login retry lock
hello, I wanna know if there have any way to prevent a brute login attack. e.g. if a user or IP login 5 times failure, ASA or cat switch will lock the use or IP for 30 minutes.how to config ?PS:on ASA currently, we use: aaa local authentication atte...
Hello, I'd like to ask a question about ISE syslog message 60057. We are trying to setup new monitoring in our network and we get this alarm very often. This message is being generated by all the peers of the node which having the issue actually. We ...
Resolved! Dot1x/RADIUS server failure
Hi Im looking for conformation of the default behavior of DOT1x in the event that no authentication servers are available and equally can this be controlled. I am mid deployment and testing and expect that my customer will require the network to perm...
Hi Cisco ISE guru, I ran into a weird scenario for an ISE deployment, I have deployed about 700 endpoint into enforcement mode(low impact). 2 endpoints passes dot1x auth/authorization and the session receives "permit ip any any" DACL, the dacl sh...
New to this...I am adding a second ISE to backup my standalone unit. I need help on how to do this, especially licensing.Do I need more base and plus licenses? APEX licenses? VM licenses? Does the secondary system 'share the licenses kinda like an AS...
Hello guysI have tried to integrate Cisco ISE 2.2.0.470, with an working Active directory, but show the following error message. I have checked several times the configuration but the problem persists. I have run the Test and none had failed.Any ide...
Hi Depending on what you read is is suggested that Dot1x AUTH and MAB can be made to operate concurrently thus getting MAB devices to authenticate to the network quicker. So far I have not been able to prove to myself that this is actually taking pl...
I'm trying to customize sponsor portal from ISE using this guide of @Jason Kunst https://community.cisco.com/t5/security-documents/ise-sponsor-portal-customization-manage-accounts-page/ta-p/3723852 Using this example: <script> setTimeout(function() ...
