I configured NTP point to my Window server for time synchronization.Unfortunately ISE always select LOCAL(*127.127.1.0) as a time source.Does we have any configuration to force the ISE to sync time with Window Server?Thank for your kindly support.No...
HiMy ISE has NTP server configured , from the below output it synchronizes with the server but does not get the correct time when I output show clock show ntpConfigured NTP Servers: 172.16.5.1synchronised to NTP server (172.16.5.1) at stratum 9 ti...
Hi everyone, I am trying to deny access to some devices based on the OS types. I have identified those devices by profiling them and redirection works. The issue is that all the portal types in ISE requires users to enter some form of credential or a...
We are running Cisco ISE 2.4 patch 10 and we are facing issues in posture policy.I have created 4 policies for posturing in following sequence. Mobile devices ( to exclude mobile devices for posturing ) Unknown redirect for client provisioning portal...
I am new for Cisco. I would like to create user account that he/her can access to Cisco C9300 and do all the work as admin right but this account cannot reset password. Is there any account that I can create to close to my needed? Thank you.
Dear All, Looking for help for the below scenario. We have a Cisco ISE setup to authenticate VPN users and trying to do compliance check with Posture assessment. Based on the posture status VPN user will receive an authorization profile. We also wa...
Hi all,My ISE generates this error. Which debug commands on NADs can help me finding which SGT they are trying to download?Any help is appreciatedThanks in advance!
Good day everyone. Anyone know the best way to let users know how posturing works and how to guide them through when they first log in?
I'm in the process of setting up Active Directory access to Cisco Prime through ISE. I have an AD group that I'm using to allow access to Prime through one rule, and we also have a group used to allow network device access with another rule. Because ...
Hi, Is there any way to manually change the "BYODRegistration" flag for an endpoint in ISE? Some of the BYOD endpoints lost their registration status from "Yes" to "Unknown". Why this might happen? Does increasing the number of "Employee Registered D...
Team, I have a rather successful wired DOT1X solution using EAP-TLS (PKI) running on my Cat3850 network. Ok, it's using ACS still but I'll rollout a better authentication server in the months to come. I have had to add a layer of switching in front o...
Hi, I am currently activating monitor mode. When i checked in Context visibility, some devices have Auth failure reason such as Rejected per authorization profile, subject nt found in identity stores,etc.When activating closed mode, does this means t...
Hi friends. I want to deploy the cisco ise for 1200 client. we need posture and profiling. I think that the licenses that are required are: R-ISE-VMM-K9= L-ISE-BSE-P4L-ISE-PLS-1Y-S4L-ISE-APX-1Y-S4L-ISE-TACACS-ND= and for any connect Term LicenseBandi...
Dear All, We have two ISE nodes running on the version 2.2 primary and secondary. We have 2 Active directory, I want to know how ise authenticate with multiple active directory. If one goes down, how its authenticate with other. Regards,Kabeer
Hello EveryoneQ may seems silly but it's efforts reduction only subject :0)Let's assume that i've migrated almost all nodes (PAN&MnT + NxPSN) from 1.4 to 2.2 successfully with backup&restore approach. At this point i have single node running both PAN...
