Hi Guys, I'm trying to find out what the best way would be to control access to our ISE PSNs via SSH. At this moment SSH is enabled which permits access to the devices from almost anywhere in the LAN. Are there options to enable host based ACLs to p...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Hello Cisco Experts, Need your help on how to configure Symantec VIP 2 factor authentication to authenticate my SSH sessions to Cisco routers and switches.*Primary authentication would be RADIUS*Secondary Authentication would be Symantec VIP I have t...
Hi,In our rapid threat containment setup with Firepower and ISE, we assign a specific SGT when endpoints gets quarantined. We are trying to find a way to list all endpoints that are quarantined. Since the clients are assigned a specific tag, I am loo...
When connecting directly to console on an ISE 3655, it is showing non-readable characters. Customer is using Putty and baud rate is set to 9600, it is a new node, it has never worked before. Please see error attached. Can it be a hardware issue...
Hi I have a Cat 9300-24T switch running IOS-XE 16.10.01 and configured with Device Sensor. I am testing Endpoint Profiling using the Cisco Device Sensor feature. RADIUS accounting is configured to send Device Sensor data to ISE, but I don't see ...
We use ISE/Radius to authenticate AnyConnect VPN users. Currently all users are in the ISE internal database, and the policy is easy: From the VPN firewall using Radius protocol, authentication will go to internal database. Now we would like to migra...
Hello Friends! Please help me to understand switch behavior, sometimes I see in the auth session result an ACL policy called OPEN DIR ACLIt looks like this SW_1#sh authentication sessions interface gigabitEthernet 1/1 de Interface: GigabitE...
Resolved! ISE and EAP-TLS
HiWe're planning on implementing eap-tls for our corporate iPads and in the past I've successfully tested it authenticating against ACS5.3 but now that we've moved to ISE (1.1.1.24) I'm getting an error.22045 Identity policy result is configured for...
Hi Experts,I have an issue, where posture on anyconnect gets stuck at 26% while checking for conditions. I noticed that this is caused due to the SCCM patch definition check which has been specified in one of the conditions.It is observed that on som...
Hi, we are in a process of deploying ISE for the organization. recently, we have been told that, we need plus licenses for Cisco Phones to do 802.1X.01. Why do we need special profiling when Phone can initiate 802.1x session02. why can't we use CAPF/...
HI Everyone, I am deploying the Wireless dot1x authenticaton.i find the client authen success on ISE live log,but after i attach the detail log, it shown "event :5206 pac provisioned" and EAP failure,what's reason about this? thanks
Hello Team, I have a 2960-x switch and it has failed to redirect domain traffic to ise using the redirect ACL, but when i type in something like 1.1.1.1 in the client computer, the redirection takes place and it redirects to the ISE's guest portal bu...
I have a customer trying to leverage the APIs to manipulate policies. They are using ISE for their authentication and policy associated with MDU WiFi. Speaking with Stephen Colby, he mentioned that some functionality is coming with policy authoring ...
Hi Cisco Community, I have set up posturing on our ISE servers for Anyconnect clients. This is working fine but an additional requirement is for ISE to scan the endpoint machine for a specific certificate located within the Trusted Root Certificate ...
Hello I am in the midst of a security audit and one of my issues is the password hashing algorithm on a switch is type 4. I am on IOS 15 so I was wondering if there was a way to increase the algorithm in place?What I am asking is can I upgrade the al...
