Hello,I am running ISE 2.4, on prim Admin I have installed patch 6, 9 but on sec Admin installed only Patch 9. because my secondary Admin was build months later so I did not install patch 6 on the same.Is there any problem??
Hi all,I would like to ask about 802.1x.It is very simple question for you but i can't understand easily.i would like to deploy 802.1x wired authentication. i am applied static vlan and ACL rule is already applied on the switches.Can i deploy 802.1x ...
I am doing RADIUS MFA for some of my use cases. The RADIUS timeouts when doing MFA are long because you need to allow users to do the MFA. The problem is I am getting high authentication latency false positives because ISE sees the 12 second respon...
Hi guys,I need help with redirection for ISE posturing.When I manually paste the redirection URL to my browser everything works fine but somehow, I can't get automatic redirection to work.I have attached everything that I think may be helpful for you...
Hi team, Our customer is asking us AAA policy as below: only "domain user + MAC address" can access to their internal network. Can ISE support the combined the condition like that? We are using the ISE 2.4 Patch 8. Highly appreciated for your q...
Hello,I have 2 ISE nodes Version 2.4, Running in Primary Admin and secondary Admin and PSN on both setup.I am running Radius, TACACS+ and Guest services.My Radius and Tacacs are working fine.2 Issues I am facing in my guest setup1.In Guest access sel...
Our desktop team is upgrading W7 to W10 and after upgrading the old W7 to W10 I have observed on ISE 2.4 some of the attributes still reflects the old W7 machine and hence the machine won't get profiled accurately.Stale attribute example being AD-Fet...
Hi, Shld it be "authentication host-mode multi-auth" or "multi-host"?I am connecting a IP phone and PC via the same port. Voice and data traffic same port.
I'm trying to setup a switch so that it will send a non-dot1x supplicant to a guest vlan so that they can retrieve and install the dot1x configuration files. Then once they reauthenticate they get authorised by our NAC system which works via freerad...
i have ISE integrated with MDM server and a device that has already authenticated on the network, and stays connected, but fails out of compliance what will be the measure I have to take to ensure that a noncompliant device is checked periodically an...
I have a customer that has ISE deployed and has acquired another company that has their own separate ISE deployment. The customer was wondering if we have a best practices guide to address the merging of these two separate ISE deployments into a si...
Dear All, Good day, I am very new cisco ISE. In my company we are using cisco 5508 wireless controller and cisco ISE. We have lot of domian and I can see lot of SSID. Now we implemented for some SSID with 802.1x authentication and I want to implement...
Hello,I am running two ISE 2.4 nodes in Prim Admin and Sec Admin and PSN enabled on both.I have installed patch 6, and 9 on Prim Admin and only Patch 9 on Sec Admin. As my Sec Admin was build Months later than Prim Admin so I did not install patch 6...
Hi,I'm trying to register the secondary ACS to the primary (log collector). When adding from secondary "Register to Primary" I'm getting the Connection timed out message (see below).I have confirmed they have reachability to each other and proper IP ...
I've read posts and documentation about the distributed deployment. Primary PAN and MnT in one DC, Secondary PAN and MnT in another DC. My understanding is that this requires at least 1 heath check node. Has anyone one done this in ACI with an EPG ...
