Network Access Control

With current configuration setup for ISE and ID-PSK, using Cisco AV Pairs in the Authorization profile to hold the network key - these attributes in the Authorization profile are shown in clear text in the Live log details. The ISE Live Logs are acce...

I have created sub-policy to Microsoft-Workstation that looks for the same attributes, but adds in DHCP host-name. The devices are still getting profiled as Microsoft-Workstation instead of 'SJ-Desktop' even though they clearly meet the host-name cri...

Hello, I am looking at some of the ISE designs and had a question around the following design. If I run two PAN/MnT nodes but run primary PAN/secondary MnT on Node 1 and Primary MnT/secondary PAN on Node 2 is there still a limit of 5 PSNs in this dep...

Hi, I am in need of suggestions on current solutions that can be deployed to provide secure third-party remote network access. Some of our vendors need to connect via the internet to servers and equipment they have provided (for monitoring & manageme...

I am seeing the error "Policy with a scan action must contain scan action rules and vice versa". I'm having trouble understanding what this is trying to tell me. I tried creating my own NMAP scan action, but that didn't work either. 

Hello, I have a problem with setting up SXP session between catalyst switches and ISE secendary node.All switches has SXP session to ISE primary (172.29.134.140) node set up.None of these switches has SXP session to ISE secondary (10.102.196.1) node ...

Hi experts!There is a Post-Upgrade step for ISE version 2.4 in the documentation:"With the operational data backup of MnT data that you created before update, restore the backup.Failing to perform backup and restore could trigger a High RADIUS Disk U...

Hello, past the Patch 13 on my ISE 2.2 we dont can use special character, (example ä,ö,ü, -) in usernames. Have anybody a soloution ? Norbert

Dear all,   My client is planning the procedure for migrating my four PSN (SNS-3515). They have four remote PSNs in two different countries away from the main ISE cluster in North America.  For those my client did not have to buy new because they are...

Hello everyone, I am running into an issue with ISE and authentication. If I run my script to create a network device it does so and it shows up in ISE, however when I try to have the device authenticate with ISE, in the radius logs, I can see that I...

Hi all,I have a RADIUS server running on windows 2003. I am using cisco 2960 switch, everything is working fine but i need to test the local user account on the switch so that i dont lock myself out if the radius server is not available.which command...

I am attempting to automate the imaging process in an environment by utilizing ISE profiling.I have the following pieces working as expected:Using the DHCP probe with the dhcp-class-identifier STARTSWITH PXEClient:Arch:.  The endpoint MACs move to a ...

Hi Guys,I have machine and user authentication using MAR in place. I have multiple certificates with the same CA-signed in my endpoint's certificate store (computer and user) and sometimes the endpoint uses a different certificate for the EAP authent...

I am looking to replace the Certificate that is assigned to the EAP Authentication Role - However the question has come up: Can this be a Public Certificate such as one signed by GoDaddy or does it need to be signed by the same CA that our Users get ...