HiMy ISE has NTP server configured , from the below output it synchronizes with the server but does not get the correct time when I output show clock show ntpConfigured NTP Servers: 172.16.5.1synchronised to NTP server (172.16.5.1) at stratum 9 ti...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
Forum Posts
Hi everyone, I am trying to deny access to some devices based on the OS types. I have identified those devices by profiling them and redirection works. The issue is that all the portal types in ISE requires users to enter some form of credential or a...
We are running Cisco ISE 2.4 patch 10 and we are facing issues in posture policy.I have created 4 policies for posturing in following sequence. Mobile devices ( to exclude mobile devices for posturing ) Unknown redirect for client provisioning portal...
I am new for Cisco. I would like to create user account that he/her can access to Cisco C9300 and do all the work as admin right but this account cannot reset password. Is there any account that I can create to close to my needed? Thank you.
Dear All, Looking for help for the below scenario. We have a Cisco ISE setup to authenticate VPN users and trying to do compliance check with Posture assessment. Based on the posture status VPN user will receive an authorization profile. We also wa...
Hi all,My ISE generates this error. Which debug commands on NADs can help me finding which SGT they are trying to download?Any help is appreciatedThanks in advance!
Good day everyone. Anyone know the best way to let users know how posturing works and how to guide them through when they first log in?
I'm in the process of setting up Active Directory access to Cisco Prime through ISE. I have an AD group that I'm using to allow access to Prime through one rule, and we also have a group used to allow network device access with another rule. Because ...
Resolved! Changing the "BYODRegistration" flag
Hi, Is there any way to manually change the "BYODRegistration" flag for an endpoint in ISE? Some of the BYOD endpoints lost their registration status from "Yes" to "Unknown". Why this might happen? Does increasing the number of "Employee Registered D...
Team, I have a rather successful wired DOT1X solution using EAP-TLS (PKI) running on my Cat3850 network. Ok, it's using ACS still but I'll rollout a better authentication server in the months to come. I have had to add a layer of switching in front o...
Hi, I am currently activating monitor mode. When i checked in Context visibility, some devices have Auth failure reason such as Rejected per authorization profile, subject nt found in identity stores,etc.When activating closed mode, does this means t...
Resolved! ISE Licensing
Hi friends. I want to deploy the cisco ise for 1200 client. we need posture and profiling. I think that the licenses that are required are: R-ISE-VMM-K9= L-ISE-BSE-P4 L-ISE-PLS-1Y-S4 L-ISE-APX-1Y-S4 L-ISE-TACACS-ND= and for any connect Te...
Dear All, We have two ISE nodes running on the version 2.2 primary and secondary. We have 2 Active directory, I want to know how ise authenticate with multiple active directory. If one goes down, how its authenticate with other. Regards,Kabeer
Hello EveryoneQ may seems silly but it's efforts reduction only subject :0)Let's assume that i've migrated almost all nodes (PAN&MnT + NxPSN) from 1.4 to 2.2 successfully with backup&restore approach. At this point i have single node running both PAN...
We are rolling out dot1x and are having issues with user authentication. Both the client and machine certs as well as the Eap cert on ISE were signed by our internal CA and PEAP works without issue. If I set the supplicant to EAP-TLS and only Comput...
