Network Access Control

I really want to get the HTTP User-Agent attribute on my endpoints. I understand that the only ways to do that are URL redirect or SPAN. I don't want to do SPAN.  But using the URL redirect doesn't really seem to work for me either because I don't wa...

Hi, Can I have a posture condition for the following in ISE 2.4/2.6? Cisco Umbrella agent in installed and runningQualys agent is installed and runningPlease note - requirement is not for pxgrid integration of qualys or umbrella, only for posture che...

Hello all,I could use some assistance with getting my arms around Compliance Module.  I don'trecall this being an objective in the CCNP Security 300-208 exam.  It is now an objectivein the 300-715 exam.  More specifically, item 6.3, "Configure the co...

Hi, I'm interested in adding a pxGrid node to allow 3rd party systems use ISE for quarantine/COA.My workstations are now licensed via Base licenses, and to my understanding require Plus licensing for pxGrid content sharing in order to be managed via ...

Hi, Are there any guides available for integrate Firepower Threat Defence with ISE using pxGrid?I found an excellent guide by Katherine McNamara here - http://www.network-node.com/blog/2017/1/2/rapid-threat-containment-with-ise-21-and-firepower-61?rq...

Hello Team,   We are using full-blown ISE (no ISE-PIC) for usual 802.1x (EAP-TLS-based Machine auth mainly) and now configuring same ISE deployment for PassiveID to distribute User-IP mappings from AD (via ISE AD Agents) towards WSA and FMC. We are n...

Client gets authenticated and result is applied but supplicant switch errors the VLAN TEST is non-existent or shutdown which is both no true. Is this a limitation of CISP?  %DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND: Attempt to assign non-existent or shutdow...

Is ISE able to alert (via email for example) if a specific command or commands are executed on a security device like a FW? We've been asked if we can be alerted if someone makes a change to the audit logging settings on a firewall (i.e. anything wit...

Is ISE 2.4 supported on CSP-5444? If so, are there whitepapers, CVDs, or references for such a deployment?

Hello All,ISE v2.3We have a Auth Policy for Noncompliant devices. Usually this means that their AV defs or Windows Updates are not up-to-date. In that Auth policy we assign a dACL. This dACL allows the client PC to talk to both of our ISE servers, Sy...

I have already discovered that I can use CURL calls via the ers API, and, for example:Add an endpointAdd an endpoint to an identity groupGet all endpoints in an identity groupI realize that an endpoint (defined by a MAC address) begins to "live" as t...

Hello, In our environment we are using meraki switches and as they do not support DACLs or ACLs for Posture redirection, we used call home list in the anyconnect configuration profile to let the endpoint reach the PSN. During redirection or before re...

Hi, We sending credentials for self registered guests via SMS. I'm I right in thinking that the SMS provider should supply the API syntax for encoding language specific characters like åäö or is this something that ISE should encode? RegardsTyrone

Hello, Could you please help me on this.. New devices are SNS 3595.We are trying to upgrade the CISCO ISE from 1.4 to 2.4 via intermediate OS 2.0.1 and can migrate the policies / DB from 1.4 to 2.0.1 without any issue, but while doing upgrade from 2....