Hello,Please suggest how to add more AD attributes to the radius live logs. We use ISE 2.3 for 802.1x authentication thru ActiveDirectory. Earlier I saw a lot of AD attributes in the live logs, for example "memberOf" fields, and they helped a lot to ...
Forum Posts
Resolved! ISE dot1x deployment using MAR
Hi, i'm working in deployment of dot1x in my network and I need some recomendations and best practices.Main IDEA, in authentication:1 - Fisrt method dot1x:- Machine authentication with AD, native suplicant (using MAR)- User authentication with AD (PE...
Hi there, Have anyone encountered a situation where you don't have an AD (we use cloud based LDAP, not to mention it doesn't manage endpoints like AD does) and we don't want to use certs. So is there a way to authenticate machines against an ODBC sou...
Hello,I was wondering if anyone has had any issues with ISE 2.4 patch 7 after upgrading from version 2.3 patch 6? I'm talking a direct upgrade and not a fresh install of 2.4 patch 7 from 2.3 patch 6. Since I've upgraded, I've noticed alarms for lic...
Hello, We have ISE 1.2 and info sec team run a test and found these vulnerabilities please advise how to fix them 1.Information Disclosure (ROBOT Attack) Vulnerability allows attackers to extract the private session key, decrypt that session, and...
Hi,Does anyone know how to use the external Database to manage the End point devices mac address for the iPSK?I have set up the iPSK with ISE 2.3, we would like to know how to use the external Database to store these MAC address instead of the ISE in...
Hi all, I've noticed a discrepancy about the number of max concurrent sessions that a Cisco ISE hybrid model can support. The numbers doesn't seems to match between the ISE community portal (https://community.cisco.com/t5/security-documents/ise-perfo...
We’re setting up AAA on 2 nexus 5ks. At present, they are configured to authenticate against tacacs first, which if unavailable they will fall back on local authentication.aaa authentication login default group (companyname) localWhat we’re trying t...
Hello,We are running ISE 2.0.1 and created a second cli account using the username command. The syntax is accepted however the user cannot login with the newly created account and it does not show up in the show runn output. Has anyone seen this bef...
We're trying to configure trustSec on IE4000.version 15.2(4)EA5IP services licenseSDM profile - routing After "cts role-based enforcement" command is executed we're getting notification:"Command rejected: Platform does not allow the cli configuratio...
Resolved! User AND Machine Auth - Sleep mode
HiI am currently working for a DNA SDA customer on the ISE part. They are shifting from ISE 1.4 dACL based authorization (Machine Only) to DNA SDA TrustSec based authorization (User AND Machine). I am proposing AnyConnect for the solution against whi...
In one of the deployment, we need to check MacOS is Domain Joined or not so that we can apply ISE posture check to that device. If this is a Non-Domain Joined device (like BYOD) device, we would apply it to go through BYOD flow. Authentication is usi...
Hi All.Does anybody know how to change username layout/format created when logging in portal? As you login with your first and last name (for example John Bean) and ISE creates Username as first letter of your first name and then your surname (jbean)...
I have question on how DC failover actually works. I read the section from Active Directory Integration with Cisco ISE 2.x on DC failoiver -https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_2...
Resolved! ISE Behaviour on SSL Certificate Renewal
Hi team would like to check on the following: If the SSL certs for ISE https Webserver are renewed, will this require manually on boarding the Certs to user devices (Non Windows devices). We have seen behaviour where Android & Apple devices require...
