Network Access Control

Cisco Access Control Server (ACS), Identity Services Engine (ISE), Zero Trust Workplace
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

Labels

Forum Posts

Resolved! ISE Certificate Question: LWA to CWA

Looking to move from LWA to CWA for wireless guest access. Have a separate DNS appliance with a subdomain it’s authoritative for: guest.example.com On the certificate side, we have a CN=ise.example.com and SAN=ise.example.com and *.example.com used c...

Resolved! ISE Certificate-based authentication

Hi All, I have a customer that need to authenticate and authorize endpoints using some advanced certificate fields like extended key usage, organization unit and much more without going to any other external identity source like AD , just from the ce...

john5 by Beginner
  • 2343 Views
  • 6 replies
  • 0 Helpful votes

Resolved! Cisco CDA has its own syslogs? And can it be scanned for vlnerabilities with Nessus Tenable?

Dear cisco team,My company is implementing CDA in the environment and I wanted to ask if CDA has its own logs that can be forwarded to a monitoring server like IBM QRadar. I know it can gather logs from other devices and forward them but does it has ...

Resolved! IPPHONE don't dot1x authenticate after cat3650 reload, go to mab and not re-authenticate

Hi Team, I have catalyst 3650-24p-pdm with dot1x enable for multiauth, after reloading the switch, all IPPHONE failed to dot1x authentication and go to mab, even if the priority is set to dot1x and even after increasing the timeout/retries. if I shut...

nkleiman by Cisco Employee
  • 228 Views
  • 2 replies
  • 0 Helpful votes

Resolved! AD Profiler Recheck

How is the rescan configuration on the AD profiler supposed to work?  I have the following shown under an endpoint:   AD-Fetch-Host-NameMININT-2JIERJF$   MININT hostname is used during WinPE phase of an SCCM build process.  So ISE learned that name d...

paul by Advocate
  • 295 Views
  • 3 replies
  • 0 Helpful votes

Resolved! IP-phone Domain shows as DATA instead of VOICE

Hello, Can someone please explain why an IP-phone shows as data instead of VOICE   Device#sho authentication sessionsInterface MAC Address Method Domain Status Fg Session ID-----------------------------------------------------------------------------...

BigK by Beginner
  • 1398 Views
  • 3 replies
  • 0 Helpful votes

Resolved! Cisco Switch configuration for ISE

Hi All,   Hope you all are doing good.   I am new on ISE and facing many challenges first and most important for me is to get the proper switch configuration.   I have below devices in my LAB ( This LAB is Only for Testing & Learning purpose )    2 N...

Resolved! Question: Public Root-CA vs private internal PKI for EAP-TLS from a security point of view

Hello,we're currently migrating from ACS 5.8 to ISE 2.2 in a pure MS Windows environment with MS Active Directory and MS Windows Server PKI for internal purposes. Every domain joined endpoint gets provisioned with a client-certificate over group poli...

Maxee by Beginner
  • 1296 Views
  • 3 replies
  • 0 Helpful votes

Resolved! Bulk addition of Endpoints to Identity group via XML API call

My project takes a .csv file with at least one column of MAC addresses, and adds those MACs/endpoints to a specified Identity Group. I have a working solution for a single MAC on this thread, but the latency is fairly large for a single API call.  Ho...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers