Network Access Control

Resolved! 802.1x Authentntication for Zero Clients??

I need some ideas and strategies on deploying zero clients to a network with 802.1x authentication. Our network consists of Cisco ISE and Microsoft AD.1, What do I need to authenticate the machines and users?

Resolved! Cisco ISE 2.6 integration with Qualys - CONSULTANT

I have setup Threat Centric NAC on Cisco ISE. I am trying to test the Threat Centric functionality with the Qualys vulnerability scan. I am using ISE version 2.6. I had no issue registering ISE with Qualys cloud services and I had no issue getting th...

Resolved! Using IP address/subnet as an authorization rule in an ISE policy set?

Scenario: I have a MAB policy set where I permit various endpoints with some different profiler policies/logical profiles I’ve defined. Then the last rule is a default deny access. We have a subnet which we allow guests to connect on, and we want the...

Sellect different ciphers in ISE 2.3 and forward for EAP-TLS for different rules

Hi I want to be able to enable or disable specific ciphers or TLS versions for a specific authentication protocol definition Policy -> Policy elements -> Authentication -> Allowed protocols Currently all I can do is enable or disable weak ciphers (se...

How AnyConnect UUID is made

Hi Team, customer is interested on posture lease feature where they can posture user once per day instead of every login. Saw below statement in tech zone. " To avoid re-posture at each session id change posture lease can be used. In this scenario i...

ISE TACACS+ Performance and Scale

The following document discusses ISE performance and scale in general, including TACACS+; however, it assumes a dedicated PSN for TACACS+. https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-1865558232 Man...

ISE application server not running

Hi Team,My ISE appliance application server not running, even reboot still the same, any reason? ISE-3315-K9 *****************************************Displaying ISE application status .... *****************************************ISE Database l...

Resolved! Time Based Restrictions - Best Practices

I would like to gather opinions/experiences on utilizing authz conditions such as Session: CurrentTime to achieve some sort of time-based restrictions. I would prefer to use ISE for a small use case where I need to implement time-based restraints fo...

Resolved! Cisco ISE lab Requirement

Hey Team, This is the requirement to setup a lab of cico ISE, I have on SNS-3595-K9 ise box with me and i am not sure what other devices i need...please help me what other devices are required to setup a ISE lab. MD

Resolved! Configuring User for ISE PIC on Windows Server 2016 in Core mode

Hello, At one of our customers Domain is implemented using Windows Server 2016 in Core mode (there is no GUI for Domain management, CLI is being used). We are not able to replicate instructions for configuring a user for ISE PIC provided on the link ...

Resolved! Switchport fail open to current VLAN?

I am trying to come up with some resiliency options in case of a massive ISE failure. I have a critical VLAN setup on all switchports in case ISE is unreachable. My question is how do I deal with switchports that use dynamically assigned VLANs? If IS...

Resolved! Anomalous Behavior Exclusions

I am running into a situation where I have some WDS PXE endpoints in my environment that are triggering the anomalous behavior flag. Reviewing the logs in ISE shows that the DHCP class-id changes from MSFT 5.0 to PXEClient; I am assuming when they re...

Resolved! ISE Guest portal FQDN pointing to 2 IP Address

Hello, Have anyone tried setting up a guest portal FQDN mapped into two different IP address in which these two IP address corresponds to the IP address of PSN nodes? Let's say for example PSN1: 1.1.1.1 HOSTNAME: psn1ise.company.com PSN2: 1.1.1...

Resolved! Cisco ISE upgrade from 2.1 patch 7 to 2.4

Hello, We are upgrading an ISE deployment from 2.1 patch 7 to 2.4. Do we need to patch the 2.1 deployment to patch 8 (Latest) prior to upgrading to 2.4 or is 2.1 patch 7 sufficient to upgrade from? Thanks,

Resolved! ISE EAP-TLS performance question

hi experts: My customer plan to purchase new ISE cluster to replace the old ones. Primary authentication is EAP-TLS+DACL. Couple of questions from customer: 1. From the scale guide section ISE 2.4 RADIUS Performance, it mentioned concurrent EAP-TL...

Network Access Control

Forum Posts

Resolved! 802.1x Authentntication for Zero Clients??

Resolved! Cisco ISE 2.6 integration with Qualys - CONSULTANT

Resolved! Using IP address/subnet as an authorization rule in an ISE policy set?

Sellect different ciphers in ISE 2.3 and forward for EAP-TLS for different rules

How AnyConnect UUID is made

ISE TACACS+ Performance and Scale

ISE application server not running

Resolved! Time Based Restrictions - Best Practices

Resolved! Cisco ISE lab Requirement

Resolved! Configuring User for ISE PIC on Windows Server 2016 in Core mode

Resolved! Switchport fail open to current VLAN?

Resolved! Anomalous Behavior Exclusions

Resolved! ISE Guest portal FQDN pointing to 2 IP Address

Resolved! Cisco ISE upgrade from 2.1 patch 7 to 2.4

Resolved! ISE EAP-TLS performance question

Bulk Update Fails for customAttributes - Is it supported?

UserPrincipalName not showing in ISE Log for certain user

CISCO NAM installation by iso generated by System Center

can i USE 2 CISCO ISE posture policy in same time with 2 Anti malware

High Response time for Entra ID TEAP with ISE

ISE VM Smartnet

ISE 3.5 requests for SMB Version 2 from Active Directory

SSL VPN FOrtigate with Cisco ISE Posture

Certificate Services OCSP Responder nearly expired

ISE databases - which one has the endpoints?