Hi,I am doing authentication of endpoint devices. The default reauthentication timer on switchports are 3600 seconds. Why is reauthentication needed? Isn't it enough that a device is authenticated when it connects only?When the reauthentication timer...
We proceeded with the export report to the repositryBut I can't get out of Queued state.Repositry is configured correctly and communication between ISE and FTP Client is fine.Is there a solution??
Hi, The cisco ISE 2.7 is integrated to amp for endpoints. I would like to block endpoints that are compromised. I can see compromised endpoints in ISE with severity level as painful. Is there anyway to block these endpoints in ISE? Thanks,
HI i am going to deploy NAM and ISE Posture for dot1x and compliance only is core and vpn module required and why
We treat our BYOD users the same as Guest (not a BYOD flow). Instead of authenticating againt Guest Users, it uses AD crendentials then allows Internet access only. It's been working until recently. On iPad/iPhone with iOS 13.x/14.x, the "Cancel" but...
We are in the process of investigating ISE as our NAC solution but are having a hard time finding any information on the 3rd party "play nice" list. We have an existing FireEye deployment that we are hoping to be able to leverage rather than rip it o...
Hi,I'm new to cisco ISE smart licensing.We've purchased ISE with Base license for 2000 session and 1 TACACS+ License.After I've done smart licensing, only TACACS+ is showing as in compliance. And Build license is in Released Entitlement state.We've n...
Hi Everyone, Since cisco the only option for ISE v3 is smart licensing, I have question about how often do I have to connect my ISE server v3 to internet so it can update its licenses. Regards
Hi there,Customer wants to receive a message from ISE (using syslog, SNMP, SMTP) when the ISE certificates are about to expire.Is there a built in syslog, SMTP or other notification method for this?regardsHenk
Hi All, Looking for MAC filtering ideas I can turn in to a config on a few ISR4Ks running Fuji 16.9.5 Use case:Allow only white-listed MAC devices to access a wireless network and drop all other traffic. Equipment:ISR4K with 3 WAN ports and 8 Ether-s...
Hello, I have an issue with posturing on ISE 2.6.0.156, patch 5. I have posturing with cisco AnyConnect. I have a condition as Mandatory which failsfw_enabled_v4_fw_ANY_ANY_ANY But from the PC I see that the firewall is enabled. Both on gui and cli....
Hi I have my clients connecting via Peap sessions, but a few weeks ago my clients started to fail authentication randomly during to day. If i look at the logs i see the client authenticate successfully via PEAP (EAP-MSCHAPv2) but then a few hours lat...
We currently have a separate guest wifi infrastructure in place that is isolated from the rest of the network.The guest ap's are patched on a Cisco SMB switch, which in turn has connectivity with an interface on the firewall.There is a firewall polic...
I'm training to deploy ISE 2.7 and can't find the steps to deploy it for TACACS+ and 802.1x. I've finished building and deploying ISE as a VM and have access to both the GUI and CLI. Now I'm looking for the steps and what order to do them in to ge...
Guys, looking for DC-DR static IP solution for Anyconnect VPN clients.Current architecture is Anyconnect <> DC ASA <> DC ISE <> Corp AD Anyconnect user gets a static IP. IP is binded to static IP properties of AD user in Dial-in Tab.DC ISE fetches th...
