Network Access Control

I am going through some strange issue on ISE 2.2. I have some special kind of monitors in my network. On this monitors, i have two NIC cards for two separate operation. I need to connect each NIC with the separate switch port. In short ,i need two se...

Hi,   Now that we have 3695 appliances, we can create a large deployment of 50.000 with only 2x 3695. Is this the best practice for a customer with 40.000 endpoints. Or would you advise to split the persona's and use 6x 3655  (Admin, MNT, PSN) ? Redu...

We are migrating from 2.1 to 2.4 or 2.6 because of some bugs TAC has identified.  we have 4 3495s which do not support anything past 2.4. we need to purchase 4 new SNS appliances.  2.4 is not currently supported on the 3655.  Does Cisco recommend we ...

Just wanted to confirm, I don't need to have an AP connected to a dot1x switchport in order for wireless dot1x authentication to work with ISE correct? It's purely up to the WLC and there is no interaction whether the port where the AP is plugged int...

Hi,We are planning to migrate from ISE 2.2 that running on 3495 which is really slow, yes, we did worked with TAC on many SR to get it to response faster without luck(100K endpoints), that is why we are migrating to 3595 that we already purchased(bef...

Do we have any customer references related to ISE on Hyper-V? Thank you 

I have a couple of cat 9300 uxm switches in my SDA fabric that continue to attempt to reach out to ISE for pac provisioning. The devices have a valid pac that is not expired. It seems that they have a hung provisioning job. What is the best way of ki...

How to enable dump terminals with ISE, comparison with and without 802.1xHi all,I am trying to understand how switch 802.1X activation and impact on existing devices such as windows login to domain, door access, IP camera,etc.1) First of all, all dum...

Hi Team,   Looking for the best practise for the number of ACEs that should be present in the Redirect ACL for Posturing.   Thanks and Regards, Madhuri

Hi Experts,   I just need a simple yes or no.  Does logging work for dACL's and if it does work how do we see the logging info?   Much appreciated, -Robert  

I am currently gathering information on whether or not implementing 8021x on a small footprint of linux hosts mostly running Centos is worth the squeeze. Since linux hosts are unable to work like windows machines using auto-enrollment etc. in my expe...

Hi,I have a large implementation of TrustSec micro-segmentation using ISE in a distributed deployment with 2 ISEs for PAN and 2 for MnT and centralized PSNs in multiple regions which will cover alot of branches.I still need to understand more about t...

Hi,We are planning to migrate from ISE 2.2 that running on 3495 which is really slow, yes, we did worked with TAC on many SR to get it to response faster without luck(100K endpoints), that is why we are migrating to 3595 that we already purchased(bef...

Hello people, I need to transfer some log files from '/opt/CSCOcpm/logs/localStore/' to an remote FTP server.Someone have any idea how we can do it? I already tryed copy directly by cli, but this file is not found on 'disk:/' ISE25/admin# copy disk:/...

I have a team that wants to manage their ISE appliances the way the manage their other CIMC capable servers/appliances.   Right now that's not supported but I'm wondering if it ever will be?   Thanks!