Network Access Control

Hi Team, I currently unable to login ACS on all method (GUI,CLI and Console). This ACS running fine right now, all users PC can access system. But need to add new mac address pc/laptopfor new deployment on ACS.  If i reboot the ACS, current users wil...

Would appreciate it if someone could verify the switchport configuration I have for low impact mode. My switch is running denali release. Do you see any issues with the below policy-map and classes? Also what about service-template AUTH_SUCCESS, its ...

Hi all, To facilitate switch administration using ISE as radius server, I have configured my ISE (v2.4) with the policy set as below.1) Condition - Radius: Service-Type Equals NAS Prompt2) Allowed protocols: PAP3)also configured the necessary authent...

Hello, Migrating from ACS to ISE.We currently only have 100 base licenses, we will ultimately need more.However in our current test wifi environment I note that the number of live radius live sessions is less than the number of licenses consumed (5 l...

I have a customer that is using a hotspot portal as a message for blacklist devices.  It basically tells them that their device has been blacklisted and to call support at xxx-xxx-xxxx to fix the issue.  The reason we are using the hotspot as a messa...

Hi Team,    1. What is the Passive ID limit for number of supported Active Directories?  Does 50 DC/ forest limit apply to here?   2. Is there any way to strip the domain name using Passive ID service?   Thank You!   Best regards, Gyorgy

Hi Cisco Community! I have a silly question.  I'm looking to configure an ACL to allow 10.0.1.43 to ONLY be able to communicate with 10.0.254.52 via any protocol but no other machines or internet. The machines are part of the same broadcoast domain b...

Is it possible or recommended to have the deployment shown below; Node 1 - Running Admin+MnT (Primary)+PSN - SNS3595 Node 2 - Running Admin+MnT (Secondary)+PSN - SNS3595 Node 3 - PSN - SNS3515 Node 4 - PSN - SNS3515 How many endpoints would suc...

Hello team. Looking for some insight regarding the port range available for the ISE Guest portal.Today, using the portal setting UI in ISE the available port domain is 8000-8999.What is the reasoning behind this limitation? Or, asked a differently. ...

Where do you define the "Virtual Network" that is associated with the Security Group shown in the policy results configuration? 

hi, We are using 2.4 patch 9 ISE version, We have created various MAB group to allow the non dot1x supported devices. and also we have migrated the sites to closed mode.  Currently we observe few endpoints which are added to the MAB group are getting...

Do ISE 2.6 supports crowd stike v5 for NAC posturing condition like latest definition installed or not.

Hi,I have a question regarding Rest API on ISE 2.4.Is there any way to get all SXP static binding with additional information like IP. It would help to mange/deleting bindings.For SXP we get in response only 'sxplocalbindings id'.GET /ers/config/sxpl...

I have a customer with the following requirements. Can someone help to see if I'm doing it right?Authenticate windows clients via MAC address only (MAB).Posture check (Anti-virus definitions) via Anyconnect. Would like to check if below is the correc...

I am helping my customer navigate through what is needed to migrate off of their ISE Physical Appliances and onto Virtual Appliances.   TAC/Licensing stated that the customer needs to purchase two R-ISE-VMS-K9 virtual machine licenses because “there ...