I have some devices that are hitting my default (open) rule that I want to hit an earlier rule. The problem is that I am not getting enough attributes from them until I have the profile perform an NMAP scan. But the device has already performed auth ...
Hey guys, Wanting to know if there is anyway in the Dacl syntaxto get host range /24 to work we have a range of hosts, 135 of them that every time we add a new server we have to update the Dacl.what i would like to do is something like this to keep i...
With current configuration setup for ISE and ID-PSK, using Cisco AV Pairs in the Authorization profile to hold the network key - these attributes in the Authorization profile are shown in clear text in the Live log details. The ISE Live Logs are acce...
I have created sub-policy to Microsoft-Workstation that looks for the same attributes, but adds in DHCP host-name. The devices are still getting profiled as Microsoft-Workstation instead of 'SJ-Desktop' even though they clearly meet the host-name cri...
Hello, I am looking at some of the ISE designs and had a question around the following design. If I run two PAN/MnT nodes but run primary PAN/secondary MnT on Node 1 and Primary MnT/secondary PAN on Node 2 is there still a limit of 5 PSNs in this dep...
Hi, I am in need of suggestions on current solutions that can be deployed to provide secure third-party remote network access. Some of our vendors need to connect via the internet to servers and equipment they have provided (for monitoring & manageme...
I am seeing the error "Policy with a scan action must contain scan action rules and vice versa". I'm having trouble understanding what this is trying to tell me. I tried creating my own NMAP scan action, but that didn't work either.
Hello, I have a problem with setting up SXP session between catalyst switches and ISE secendary node.All switches has SXP session to ISE primary (172.29.134.140) node set up.None of these switches has SXP session to ISE secondary (10.102.196.1) node ...
Hi experts!There is a Post-Upgrade step for ISE version 2.4 in the documentation:"With the operational data backup of MnT data that you created before update, restore the backup.Failing to perform backup and restore could trigger a High RADIUS Disk U...
Hello, As the above states I am trying to get my Cisco router to authenticate through our FreeIPA server and cannot find any info on this anywhere. The only thing I get is how to setup the router to be an LDAP server and I do not want that. Has anyon...
Hello, past the Patch 13 on my ISE 2.2 we dont can use special character, (example ä,ö,ü, -) in usernames. Have anybody a soloution ? Norbert
Dear all, My client is planning the procedure for migrating my four PSN (SNS-3515). They have four remote PSNs in two different countries away from the main ISE cluster in North America. For those my client did not have to buy new because they are...
Hello everyone, I am running into an issue with ISE and authentication. If I run my script to create a network device it does so and it shows up in ISE, however when I try to have the device authenticate with ISE, in the radius logs, I can see that I...
Hi all,I have a RADIUS server running on windows 2003. I am using cisco 2960 switch, everything is working fine but i need to test the local user account on the switch so that i dont lock myself out if the radius server is not available.which command...
I am attempting to automate the imaging process in an environment by utilizing ISE profiling.I have the following pieces working as expected:Using the DHCP probe with the dhcp-class-identifier STARTSWITH PXEClient:Arch:. The endpoint MACs move to a ...
