Network Access Control

Hi board, assuming you want to harden your RADIUS/802.1X solution and you want to disable legacy SSL ciphers (disabled ISE setting: "Allow WeakCiphers for EAP") like RSA_RC4_128_SHA or RSA_RC4_128_MD5. How do you know without testing each 802.1X capa...

Hi all Customer with predominately windows 10 install base .., current Auth schema is EAP-MSCHAPv2 Their standard policy requires Credential Guard to be on by default on the win 10 desktops , from what i have found this seems to disable the ability ...

HI , We need to upgrade our WLC to 8.8 as we are proposing AP4800 to customer . Customer has ISE 2.2 and would upgrade to 2.4 or higher as required.  Can some one recommend the correct version of ISE that would be required for upgrade. WLC under cons...

Hi team, Do we have the ISE 2.6 SXP scaling figures available? If so could you please share and also post here: https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--235887318 Thanks!

We are setting up Guest Wi-Fi portal and management would like to ask us to do the following: For the Guest, first time join the guest network1) connect the guest WiFi SSID2) login by using the guest login name and password that provided by front des...

We have distributed ISE deployment with 8 nodes(4 PSN, 2 MNT and 2 PAN). After switching PAN and MNT primary node, context visibility stopped working and gives following error message. I have confirmed that PTR records are there for all nodes.   I lo...

  Customer is customizing the flow of their guest portal and wants to have the temporal posture check auto redirect on completion. There does not seem to be a setting in the client provisioning portal page to do this. Is there another way to have the...

Hi Team,   Have a query regrading exclusion for Cisco Prime user request(auth/authz) to ISE nodes.   CU is having the Cisco Prime into network for monitoring/config change. Prime have the level 15 admin user which auth/authz on every network device(2...

Hello,I would like to onbord (BYOD) on ISE all mac books in the organization using single corporate ssid.So I have to create a BYOD rule which matches somehow Macbook endpoint profile in order to send it further for provisioning.I know that might be ...

I am currently using three probes on my PSNs. Radius, DHCP, and SNMP Query.  I was told that my SNMP Query may be useless if I was already grabbing the info I needed from Radius. If I just pick some random endpoints, I see that they are profiled eith...

Hi, We're currently running Cisco ACS 5.6 and I'm wondering which monitoring and reporting products are being used.The monitoring and reporting tool in ACS does not meet our needs.Eventually we will be migrating to Cisco ISE, so it would be good if t...

First off I am warning everyone I am not a coder :)I am playing around with ERS API to try and do a bulk import of mac addresses to an endpoint identity group.I am using postman for now but I assume will probably need to convert to curl later once I ...

Hi,   The 2 key end of support milestones for the ISE 3400 series hardware in the End of Sale notice are shown below. Please advise on what happens after 31st  October 2019 (relating to application software), if a TAC case is raised on ISE. Will norm...

How is device administrator license consumed ? Let's say I want to administer 200 device using TACACS , how many license will I need ?

Hi I have a BYOD service that uses Active Directory (AD) to autenticate users to allow them to on-board and obtain a user EAP cert, the common name on the issued cert being the username. Once on-boarded the EAPTLS connection to the network is transpa...