Network Access Control

AAA config clarification... Difference "authentication port-control auto" AND "dot1x pae authenticator" ...

Hello everyone! I'm using aaa dot1x config for some years.. but never got into the detail to understand which command does what.Could you guy help!What is the difference between:Scenario:int gi1/2/10switchport mode accessswitchport voice vlan 10authe...

Resolved! PC behind IP phone EAP-TLS

Dear All, Could you please let me know. What is the recommended combination of implementation authentication when PCs connected IP Phones? What is the logic behind using one as compare to the other? or drawbacks using one. As per my recommendation ...

ISE PSN in Azure Cloud

Greetings, I'd never thought we would have a use case for this but turns out we do have a use case to run ISE in the Azure regardless of the cost. So, does anyone know, and yes I've reached out to our Cisco sales folks and still waiting, when will C...

Problem Incremental backups

Hi, We are having problems with the Incremental Backup of the ACS, every day fails the incremental backup (its configured daily) and this causes that the configuration is changed to OFF after failing. Also, we receive ater mails about the limit of t...

ISE Guest portal is not working for Guest in separate VRF

Hello, I'm working on a deployment where we need to redirect wireless guests to a web portal for authentication. We're using CWA - the radius server sends a url-redirect to the NAD ( Meraki AP ) , as well as the url-redirect acl that is meant to spec...

Resolved! ISE 2.7: When will the documentation be uploaded?

Hi everyone,A couple of days ago ISE 2.7 was uploaded to the Cisco site.Oddly enough there wasn't an open beta on the Customer Connection page, so no release notes are available there. Any chance we can read what's new in this version here, or altern...

Resolved! Enroll a Mgt port as dot1x supplicant (client) to AD

Hi everybody I'm building a lab to test the authentication methodes of all connected clients in our company (cameras, fire access points, PC, IP phones, APs., technical devices..etc) to our IP N/W. To do that I've a C3650-24 switch acting as authenti...

Win10 SoftDisconnect feature and ISE Posture compatibility?

Just wondering if anyone has seen issues with Win10 and WIRED posture. We have seen random issues with posture where clients say compliant but they are still have the redirect ACL on wired session. When looking at the logs, we see a machine go thro...

Resolved! Endpoints in pending state post posture check

Hi Experts,SetupAnyConnect 4.7.04056 with compliance module 4.3.838.6145.We have started a pilot test posture via AnyConnect for the users on one floor, since the deployment we are seeing that endpoints are getting stuck in pending state.Even when An...

Resolved! ISE compatibility with HP switches and Fortinet AP

Hello guys, I am unable to find much info about below devices in ISE 2.6 network compatibility guide so seeking suggestions here: Switches HP 2530,HP 2626,HP 3400CL,HP Aruba 5412,HP 2510Wireless: Fortinet Access Point Please advise if the devic...

Resolved! Cisco Prime Access Registrar REST API

Hi Folks,I have an installation of CPAR. I need to provision it with REST, however, I am struggling with the documentation. I can send a curl as follows:C:\Users\MyPC>curl "http://<ip>:8080/RESTAPI/service/getobject?typeid=16" -H 'Cluster:'Cluster is...

Cisco ACS 4.2 csv for set static ip address.

I am add user (evgeny) to the ACS4.2 via RDBMS with a .csv file. 1,0,79-041-071,Default Group,100,,testpass,,,15/26/2019 00:00,0,,,0How can I simultaneously add static ip address and other option separate (CHAP/MS-CHAP/ARAP).Have anyone maybe a samp...

AAA Console - Prevent lockout

Hello Team,I have a Cisco Nexus 5k switch. Currently I have AAA configuration as below :aaa group server tacacs+ ACS_Serveraaa authentication login default group ACS_Server localaaa authentication login console localaaa authorization config-commands ...

802.1x workstations keep going to guest vlan

any ideas why workstations keep going into guest vlan? what are your workarounds? current config: interface GigabitEthernetX/Xdescription xxxxswitchportswitchport access vlan 22switchport mode accessswitchport voice vlan 26authentication event serve...

Resolved! ISE dual SSID BYOD with Apple CNA

Hi Is it possible to use the BYOD Apple Mini Browser flow with dual SSID BYOD differentiated portal set up documented by Hosuk Won in the (great) prescriptive deployment guide here:https://community.cisco.com/t5/security-documents/cisco-ise-byod-pres...

Network Access Control

Forum Posts

AAA config clarification... Difference "authentication port-control auto" AND "dot1x pae authenticator" ...

Resolved! PC behind IP phone EAP-TLS

ISE PSN in Azure Cloud

Problem Incremental backups

ISE Guest portal is not working for Guest in separate VRF

Resolved! ISE 2.7: When will the documentation be uploaded?

Resolved! Enroll a Mgt port as dot1x supplicant (client) to AD

Win10 SoftDisconnect feature and ISE Posture compatibility?

Resolved! Endpoints in pending state post posture check

Resolved! ISE compatibility with HP switches and Fortinet AP

Resolved! Cisco Prime Access Registrar REST API

Cisco ACS 4.2 csv for set static ip address.

AAA Console - Prevent lockout

802.1x workstations keep going to guest vlan

Resolved! ISE dual SSID BYOD with Apple CNA

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Default Route SGT

PX Grid Connector and Service NOW

ISE Posture: secure client stops posture synchronization

Posture Script Condition–Fails to Connect When SHA-256 Fingerprint Add

ISE 3.3 system certificate update

ISE Polcy Question

Downtime for certificate renewal - ISE 3.2

ISE Profiling Conflict

Scenario ISE-Pri dead and promote ISE-Sec to Primary