I am new to 802.1x, we are using Cisco ISE 2.3 in a lab environment and we want to do 802.1x on wireless machine authentication only based on certificates. I am using a WLC 8.2 in this lab setup. The plan is to move to 8.3 once all the access point...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Resolved! ISE Guest portal using public DNS
Hello community, Is it possible to use public DNS for ISE guest splash page. If not possible how would I handle this? We have an api that users need to access while on site, but we do not want to open access to the private IP. We want them to go out...
Hello, The Perimeter ASA is running in Multi-Context mode and the remote access vpn is working fine, we are now planning to implement posture check (cisco ise 2.4) for RA vpn clients. I would like to know if this is now fully supported? I found a lin...
Resolved! Trustsec and LAN topology
Hello We have a customer that will implement Trustsec. Their LAN access switches are C2960X and core switches are C9300.However, they have only one subnet 10.x.x.x/8. My question is: do we have to segment this network in smaller subnets to implement ...
Resolved! RBAC for adding MAC address
I want to try to give a group access to add/remove MAC address that will be used for a new whitelist. We already have endpoints because we use another whitelist for another group. Is there a way to have each team not be able to delete MAC address cr...
Hello all, we are running ISE 2.3 with patch 6. I tried to add some new devices to authenticate via tacacs+, but ISE does not always authenticate the users. In the tacacs live logs, I do not see the username that was manually entered, but instead of ...
Resolved! ISE Upgrade Procedure from 2.1 to 2.4
Hi team, I am planning to upgrade from the OS 2.1 to 2.4 with the information below: 02 virtual ISE, running in HA mode; each node has PAN, PSN and MnT. I will do the upgrade procedure like that: - Running the Upgrade Readiness Tool. - Backup all...
I am giving a try to the instructions from the following link for the: Create the Guest user using the guest API query. https://community.cisco.com/t5/security-documents/ise-guest-sponsor-api-tips-amp-tricks/ta-p/3636773But I got the following error....
Resolved! ISE RADIUS 2.3 maximum per user session
Hello, We have ISE 2.3 configured as RADIUS server to authenticate users to the WLC 8.2 through 802.1x authentication.In order to manage more than 1000 users, we benefit from Active directory and we created Active Directory as external identity sourc...
Resolved! ISE RADIUS Proxy
Hi ISE Experts, I have a specific query from a customer relating to Cisco ISE RADIUS Proxy functionality that I'm struggling with. The customer query is below and I have attached a pdf that shows what the customer is trying to achieve. The authentica...
Hi all, for previous ISE releases (up to 2.4) the deployment guides always showed restrictions for the number of supported PSNs per deployment model (5 for medium, 50 for large). I don't see these anymore in the current installation guide for ISE v...
Hello 802.1X (switch) experts, I deal mostly with WLC deployments and Session-Timeout is configured globally on the WLAN profile and applies to all authenticated sessions (unless over-ridden by AAA Override). Is there a similar concept on Cisco s...
Hello, We are planning to change the release of ISE from 2.0 to 2.4 and there are some license issues that we need to clarify. The deployment has Wired, Wireless, VPN and Device Admin licenses. The goals of the change are to be able to use the same f...
Hi, I am running into an issue where ISE is unable to get the certificate issued from an external CA. All ISE certificates are issued by this CA and normal authentication with and without certificates are working. However during BYOD on-boarding, i...
We have ISE PSN nodes in a DMZ guest access scenario and do not want them joined to the AD.Is there any way to disable the AD join for specific ISE nodes while allowing it for others?Cheers
