I'm trying to develop an AAA deployment for switch access that will give users access to 'enable' mode without re-authenticating. I'm using a 2960x running 15.2(2a)E1 code. Here's my config: aaa new-modelaaa authentication login default group tac...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Resolved! 802.1x in Windows 10 with Hypver-v
Hello, I'm trying to get Windows 10 with Hypver-v enabled to successfully complete 802.1x negotiations and posture assessment with Cisco ISE. When Hypver-V is enabled on Windows 10 with an External type vSwitch, the 802.1x service is moved from the...
I am building an ISE lab cluster for testing BYOD. This setup will mirror our production cluster. The ISE deployment is 4 x Internal ISE servers (2 x PAN nodes PRI and SEC plus 2 x PSN nodes PRI and SEC) and 2 x DMZ ISE servers (PSN PRI and SEC). Th...
Customer has ISE integrated with MDM. He understands that he needs Apex licenses for that. He also wants to do profiling of those endpoints but he wants MDM to do the profiling and pass the information to ISE. In that scenario does he need Plus licen...
Resolved! Should I be using the SNMP Query probe?
I am running v2.2 patch 14.I currently am using the following profiling probes: HTTP, Radius, NMAP, SNMPQuery, AD. I have a total endpoint database of ~41,000 endpoints, with only about 18,000 active. As I go through my contect visibility trying to c...
Wired guest (employee) portal is working partially as the user gets a successful authentiion message. But then ISE sends automatically a CoA request to bounce the port. Switch gets the request and sends ount a NACK instead a ACK. If we look into the ...
I have what I hope is a fairly quick question, I want to know how the authentication latency times are calculated in ISE 2.4 with an external identity source of an RSA server. I assume that the timer starts from the point a request is made, and ends...
Resolved! Make ISE standalone
Hi All I have an ISE deployment that was previously two nodes. The secondary node does not exist anymore. I deregistered it already. SInce I have no plans of adding a new secondary node, the next step is for me to make the current node from primary...
Hello,We have a problem that ISE 2.4.0.357 has lost the Network Devices and it can not be read them and will hung on status Loading.(See picture). If I try to Add a device, I have an Error "Failed to create network device - system error!" Best Regard...
hi everyone,I have a request for a customer. They are using laptops in WORKGROUP, not domain.*They want to check machine certificate on laptops + user credentials. For secure access, both should be matched.*They dont want to use Cisco Anyconnect Na...
Resolved! Machine Authentication
Hello everyone,I am learning ISE, installed v2.4 VM, configured EAP-FAST, user is authenticating but the machine is not, wondering if anyone can help. Authentication DetailsSource Timestamp2019-10-15 06:47:20.505Received Timestamp2019-10-15 06:47:20...
Resolved! ISE Upgrade from 2.4 to 2.6 Question
due to a recent security vulnerability found, we are pushing our ISE deployment v2.4 to v2.6 patch 2 I was hoping to get some input on others experiences on this upgrade process. Im hoping there are some others out there with similar deployment types...
Hello!I have a doubt about Standar ACL, My topology has two routers, two suitches, each of then with two hostsR1Dynamic routing protocol EIGRPF 0/0 10.0.0.1/24 -> SW -> two hosts (10.0.0.2/24, 10.0.0.3/24)R2Dynamic routing protocol EIGRPF 0/0 30.0.0...
Resolved! ISE posture NON-COMPLIANT not working
Hi,we use 2.3, patch 6 at the customer and the problem is following. The posture checks the update of the AM database and if it is older than 30 days, the PC should be noncompliant. The problem is that the posture updates stopped to download since 09...
Resolved! ISE 2.4 Command set not working
I want a simple command set, permit some commands (eg: show, dir, ping, traceroute ) but deny en or enable, intended that the user should never go to enable mode. My command set is as follows TACACS Profile PS: Doesn't matter what priv level I use ...
