Resolved! ISE SGACL not completely pushed to NAD
Hey All,I have fabric network where ISE is Policy enforcer not DNAC. I have more than 150 SGACL in ISE and pushed. When I check the NAD I do not see all of them. What can be reason for this?
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
We are experiencing an issue which affects some endpoints after they have been re-profiled. From time to time we see endpoints that have been profiled as a specific type of device (i.e. Windows10-Workstation), get re-profiled as a generic device such...
Hello, In a hybrid deployment with 3695 as PAN & MnT, a PSN based on the 3655 would support up to 50,000 concurrent sessions, or just 25,000 sessions? Looking at the ISE PSN Performance table on the ISE Performance & Scale page, for the 3655 appl...
Resolved! nessus scanner service account in ISE
Hi Experts We've received an request from the security ops team to create a new service account for the 'nessus' scanner (with AD integration) in ISE with Read only privileges to scan the ISE devices. Typically, we'll use 'nessus' scanner to scan the...
Resolved! option to enable ssh from ISE GUI
Dow we have an option to enable ssh from ISE GUI
Hi,I'm trying to create a authorization policy using an active directory OU (both user and machine objects). But I'm unable to the OU to ISE. It only allow security groups. Please advise.
Hi all, Are there any SXP scaling numbers available for SNS-3655 running ISE 2.4+ when the respective nodes are deployed in standalone mode with all personas running on the same node (2xSNS-3655 redundant in total) ? The latest BRKSEC-3432 does not...
Resolved! SSH key pair with TACACS account
Can you combine ssh key pair with tacacs user for authentication for routers and firewalls?
Hi All, I have a question , and i hope someone can help me with this one. Currently i have an distributed deployment of 8 ISE nodes (software 2.3 with Patch 1 + 2). The ISE is joined with an Active directory an all is working. However: We ha...
I have set up a pretty wide open policy set for some Juniper firewalls, and it is allowing the authentication in ISE, but the same auth still fails on the Junipers. Any ideas?
Resolved! Identify unique number of users
Team can you help me with this, - what report can be generated to find the the total number of unique users that have been authenticated or posture checked by ISE let's say in the last 24 hours, using filters in context visibility shows me currently ...
Resolved! Port 8443 not working on PSN deployment
Hi all, i have a problema with ISE 2.1 patch3. We have 2 nodes (1 primary admin/sec monitor and 1 sec admin/pri monitor). Guest portal on Node1 is working fine (port 8443) but is not working on Nodes2. Typing command "show ports" on node2 there is no...
Resolved! ISE Ports & Purpose
I am hoping to find documentation on the ports that a typical ISE deployment utilizes and a description of their purpose. I have a very good energy customer that must meet strict compliance mandates where all of their services are concerned. For t...
Hi, Can ISE (device administration) controls device admin users location (IP address) so that user can login NAD (router/switch) from specific IP address? As per my understanding, ISE can't restrict device admin users based on IP Address as ISE commu...
Resolved! WLAN Interface Groups with Cisco ISE
Hi, Is it possible in Cisco ISE to push wireless interface group for WLAN 802.1x? Also, is it possible for ISE to have an authorization policy like the following logic, 1. Each floors will be configured with a wireless ap-group (example, Level 1 will...
