Network Access Control

Resolved! ISE - AD account search

Hi, I have a customer that is wanting to use user authentication with user certificates (wired and wireless). ISE is joined to their domain and providing the RADIUS authentication. When ISE receives a user cert it learns the name from the CN or SAN f...

Domain wildcard certificate works on Windows 11 but not on windows 10

I have a domain wildcard certificate installed on my cisco ISE cluster for client authentication.I realized that windows 11 client were able to connect to the Wi-Fi but windows 10 client could not connect.Please any idea what can be done to the windo...

EAP-TLS Failure with Dropped Auth-Request Packets

Hello, I am having an issue getting EAP-TLS running in my environment. Basic rundown: Windows 10 with AnyConnect NAM, to 3850, to 4500, to 3850, to ISE running as a VM on ESXI. Certificates are all good according to NAM logs. The ISE policy set I'm u...

Resolved! Cisco ISE 3.X and TLS 1.2

Due to a vulnerability scan, I am tasked with upgrading the TLS version on multiple hosts, one being ISE. Does ISE 3.1 support TLS version 1.2 or 1.3? I can see in the security setting in ISE I am only given the options to allow TLS 1.0 and TLS 1.1 T...

24407 User authentication against Active Directory failed

Hello, I am implementing ISE 3.2, and facing an issue where users are unable to change their expired passwords. I receive the following error message:24407 User authentication against Active Directory failed since user is required to change his passw...

Dot1x - computer changing port and does not get an IP

Hi, I have a recurring problem with laptop users, when they move in a building and change connection port, they do not get an IP. The first time they connect, they do get and IP but after moving in another office, they do not get an IP. We are using ...

Resolved! ISE 3.2 Azure AD - Intune authentication/authorization certificates

Hi, By reading many times this article would like to clarify the following on a Cloud only environment (Azure AD and Intune, NO ADCS and NO traditional AD): Cisco ISE with Microsoft Active Directory, Azure AD, and Intune - Page 2 - Cisco Community ...

5400 Authentication failed

Hi ALL,We suddenly encounter issue on Wired connection with ISE, but on wireless no issue at all.Every time laptop authenticates on wired, we got these logs from ISE:Failure Reason :12953 Received EAP packet from the middle of conversation that conta...

CISCO ISE HARD DISK REPLACEMENT

Hi Team, Can anyone tell me what are the steps we need to follow to replace the hard disk in cisco ISE hardware appliance.and please clarify me am i need to follow any configuration in CIMC for this and will it support hot swappable.

Resolved! Query Regarding Discrepancy in Active Session Count from ISE API

I am using the following API to fetch the authentication list of active sessions from Cisco ISE:https://<ISEhost>/admin/API/mnt/Session/AuthList/starttime/endtimeWhen I retrieve the data using this API in Postman, I also receive a count of the total ...

Role based VLAN assignment needs to add a Domain check

We have role based VLAN assignment at my company. The issue is that in the current config the users can bring in their own devices, authenticate with their work credentials and then get access to internal resources. My solution is to add a domain che...

No Cisco Live logs in ISE

I have an issue where a new deployment is not seeing any Radius live logs.. After checking the alarms it would appear several nodes are requiring the ISE messaging service cert to be regenerated, what are the correct steps for this? Thank you

Cisco ISE is Missing endpoint IP Address (Managed Forti Switch)

Hello, In our case we have a fortinet firewall (7.2.8) and about 30 fortiswitches managed by fortinet. We are going to perform eap-tls auth with certificate for 802.1X users & computers and MAB for devices like printers, cameras,phones e.t.c. My iss...

High memory utilization on ISE 3.1 after patch upgrade - patch 9

Hi Team, We are noticing high memory utilization on cisco ISE 3.1 nodes after patch upgrade. we upgraded from patch 3 to Patch 9. The memory goes upto 80+ percent and then at one point it immediately reduces to 40%. When the memory goes high, it is...

Resolved! Which encryption scheme to use during import

Hi,Cisco ISE has the option to export the local user accounts to a CSV file. Passwords in that file are encrypted with a password which is entered upon export.Now I want to create my own import files, but these need to contain the encrypted password...

Network Access Control

Forum Posts

Resolved! ISE - AD account search

Domain wildcard certificate works on Windows 11 but not on windows 10

EAP-TLS Failure with Dropped Auth-Request Packets

Resolved! Cisco ISE 3.X and TLS 1.2

24407 User authentication against Active Directory failed

Dot1x - computer changing port and does not get an IP

Resolved! ISE 3.2 Azure AD - Intune authentication/authorization certificates

5400 Authentication failed

CISCO ISE HARD DISK REPLACEMENT

Resolved! Query Regarding Discrepancy in Active Session Count from ISE API

Role based VLAN assignment needs to add a Domain check

No Cisco Live logs in ISE

Cisco ISE is Missing endpoint IP Address (Managed Forti Switch)

High memory utilization on ISE 3.1 after patch upgrade - patch 9

Resolved! Which encryption scheme to use during import

Messaging Quick Link Error after applying hot patch

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Is 802.1x + google sso authentication possible?

Default Route SGT

PX Grid Connector and Service NOW

Cisco ISE Counter for Authenticated Guests does not count up

Preparing the SNS 3615 for ISE 3.4 upgrade

BeyondTrust Remote Support dACL

SWITCH LOCAL USERS Failed auth when Server ISE is UP

Dynamic Vlan -Voice using Cisco ISE