Hi All, Just want to confirm if you enable the MAR cache distribution, will it require the ISE services to restart?How to have visibility of two server that MAR distribution are done? anyway to confirm? We have two server PRIM and SEC. our current ve...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Hello, I hope you have seen this behavior, if not, please share your ideas. we have a deployment of one PAN and 6 PSN nodes across multiples regions in the world. Background: Each location has its own WLC 8500 series and we have a ISE 2.0. Each WL...
Hello, we are currently in the migration phase to a catalyst 9800 wlc. I am currently working on the tacacs configuration and I making no progress with setting up the lobby admins tacacs profile. With the old airos wlc you could simply select "Lobby...
Hello When I use windows 10 client to contect with a wifi,I'm doing the same thing as in the old version. But Network Setup Assistant crashed during install and installation failed. I attached failure message screenshot. I check in this Windows cert...
Resolved! CTS SXP design (no SDA)
Hi team,let's assume I have multiple campus networks with tons of access and distribution switches.I want to use SGT for different reasons. The SGT classification happens at the access layer via MAB or 802.1X (basically in ISE authoriization results)...
Hi,A 802.1x port on a switch will grant a hub access if there is a 802.1x PC connected to the hub.Non-802.1x pc's can access the 802.1x network if they connect to the hub and spoof the mac-address of the 802.1x PC (switch port uses single-host mode)....
Hi,I would like to put two non-dot1x endpoints of same type/model of hardware from the same manufacturer, in different VLANs. I would like to use profiling condition/policy and then call it in Authorization rule for VLAN assignment. Can someone sugge...
Resolved! ISE 1.4 EAP certificate renewal issue
Hi, I have a four node ISE cluster that one of the EAP certificates has expired. A new certificate has ben issued with the same subject as the exiting one. I am prompted that I can only have two certificates with the same subject when I am replacin...
Hi,I'm just quickly playing around with SGT assignment via the Cisco ISE.The plan is quite simple. There's no SXP protocol at all in the network. I'm just having an access layer and assign a SGT within authorization. I needed to create a SXP dummy de...
Resolved! Auto remediation of IBM BIGFIX (IEM)
Hi,We are working on PoC for a customer to get order for ISE.Customer has IBM BIGFIX for patch management and endpoint management for maintaining different agents.ISE supports IBM BIGFIX for posture compliance perspective.Does it support auto remedia...
Hi, I'm trying together with a DUO engineer to find a solution to create a TACACS policy in ISE where the authentication is done through a proxy-radius, while the authorization is still defined in (and returned by) ISE. The ultimate goal obviously...
Switch: 4510R+E, running a DEV version based off 3.6.0ISE: 1.2.0.899 patch 7 Hi, I have been working on a weird issue where some of my clients would randomly drop their IP address and the only way I could get it back was to move their port to authent...
Hello, we are trying to utilize TACACS Proxy for the following scenario, WLC < ----- > ISE2.6-Patch5 < ----- proxying ----- > Central ISE We are using the 'Service-Argument' attribute in the proxied request as below screenshot and we see this on both...
Hi Everyone,From what I understand, when you integrate your AD to your ISE deployment, the PSN will be the one that make direct connection to the AD. My question here is: does PSN query AD for every new/unique RADIUS session?Thanks. Best regards,Yedi
Resolved! BYOD and Security
HI All,I am giving a Demo session on BYOD, But still I am bit confused that how BYOD covering the end point compliance/security. As we cannot implement posture on personal device with BYOD. And how we can ensure that personal device connecting to cor...
