Network Access Control

Hello All,   I would like to confirm, what are the IP addresses expected to be resolved when using the URL for posture updates  https://www.cisco.com/web/secure/pmbu/posture-update.xml ?    Recently, that URL is resolving to these IP addresess:   o ...

When users add their own devices via the my devices portal, the device always shows "pending" as a status.  While the device does operate properly, this is confusing to the users.  Is there a way to disable the pending status?  Hide it?  

I seem to recall that if a switch looses connection to all PSN nodes, the authentication session will remain active for a during of time? Is this correct or I'm remembering it wrongly?

Hello there, I created a NAD profile for Pica8 switch, now when I create an authorization profile I see the ACL and VLAN fields under the common tasks section but there is no DACL field shown. What should I do in my NAD profile to display the DACL fi...

Hi,  For RADIUS, if we test with legacy (test aaa group radius username password legacy) old port numbers(1645/146) are verified. Whereas if replace legacy with new-code(test aaa group radius username password new-code), it tests newly assigned port ...

Hi everyone,We've been struggling in this situation for a few days.We have the following scenario for our ISE deployment:User and Machine Authentication with EAP Chaining, using Certificates for both, Supplicant is Anyconnect NAM. We are in PoC stage...

In 2.3, you could create a Policy Set that had a "Starts with" condition for matching a NAS_IP. However, in 2.4, we are only seeing equals/not-equals as a condition. Is this a bug or did something change in 2.4 that removed the "starts with" conditio...

Trying to use logical profile based on LLDP system-capabilities information in authorization rule but it doesn't work because information is only transmitted to ISE in RADIUS Attribute Value Pair inside accounting request, and the accounting only hap...

Hi Team,I have 1000+ users who need 802.1x to be enabled. (Windows, Ubuntu, Mac Os). We have configured the CISCO ISE and wonder is there's any way we can use a batch file to deploy. We can ask user to download and run the batch file. Have anyone don...

Hi, we have a 2 node ISE deployment with authentication requests going to ISE1. This is configured for multiple different connection types and all works as expected. However, when I test the PSN failover by removing ISE1 from the network I have issue...

Okay so let me start off by saying that i know my way around an ASA and today i foud myself wanting to properly differentiate between all the authorization commands. So far as i can tell there is only 2 that useful and have any sort of impact.First o...

Hi Experts Is it possible for guests to use the Self Registration Portal to create their own credentials and the same credentials to be written into Active Directory? Please help,Tshepiso Nkoale. 

Hi Guys:I'm new in ISE and now I have a good challenge to enable a Posture module for a current environment with dot1x.  my deal is I have 30 authorization rules with the syntaxes of:item 1 AD_group_A then applied VLAN_Aitem 2 AD_group_B then Applied...

  Is there a native way, within ISE, for guests to easily access the Guest Device Registration Portal at a later time? Use Case - The Guest self-registers their mobile device.  Later in the day, the Guest wants to add a video game console to the Gues...