Hi Team, I'm looking for a compatibility matrix which maps out which switch/router and the versions which supports dACL.Does this exist? Thanks.
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Resolved! Extending ISE by using scripts
Can scripts be developed (along WMI calls if needed) to enable ISE to detect whether a windows user set a boot password. Microsoft has confirmed that a registry does not exist for this information. What would be the general flow and logic of the s...
Resolved! ISE PIC - DHCP syslog provider
I am testing syslog parsing and AD provider on ISE-PIC using DHCP syslog and WMI respectively. I have 2 different Providers - WMI and DHCP syslog. When a client logs in, I see a mapping on ISE-PIC for IP and user name as shown attached. Now, if I r...
I am a bit confused about the Global vs Local exceptions. I am currently using a policy set matching on wired and wireless MAB and I want to create an authorization exception for quarantine. I also have a policy set matching on wired and wireless 802...
We are running ISE 2.2 Patch 9. We have noticed that if a client attempts mab and native supplicant is configured for dot1x even if mab succeeds it continues to try dot1x irrespective.I have tried different scenarios order/priority and fallback mech...
Hello All, We are having ISE2.4 Patch1 in deployment with Cisco WS-C2960+48TC-L {IOS v15.2(4)E6}. We want to use dACL for Non-Compliant Endpoints with limited access. We used dACL of 67 lines, the dACL gets applied on interface, but something goes ...
Resolved! SNS-3595-K9 and ACS
Customer needed a new appliance for their ACS deployment. www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/release/notes/acs_58_rn.html#pgfId-455387 says that SNS-3595-K9 is supported with ACS 5.8.1: -- snip -- Table 1 Su...
Resolved! Cisco ISE Backup
Hi All, We have deployed two ISE nodes. 1 Node , Admin (Pri) , MnT (Backup). 2 Node , Admin (Backup) , MnT (Pri). I want to schedule backup for our ISE environment. Should I backup all nodes, or just primary node ?
Hello, I'm struggling with some regex issues on my ACS command sets. I can of course block access to various commands and had blocked access to various interfaces; however, I'm unable to block access to our trunk interfaces while allowing access to o...
Hi Experts, We have this external SQL database that has names of the VLAN and mac-addresses of computers that are specific to some locations. So, as per the flow the endpoint will connect to wired network. Then authentication and compliance check wil...
Resolved! ISE and Windows Registries
Hi, 1. Can ISE check the windows registry setting via Bitlocker for TPM? 2. Can ISE check the windows registry setting if Boot Password is Set? Thank you, Jim
Resolved! Should I point NADs to use IP address of profiler interface or normal interface for RADIUS requests?
Hello, I was wondering if I should point my Network Access Device's to our ISE PSNs profiler IP address or the IP address used during the initial ISE setup? The way I'm building out our ISE deployment is that I have 2 IP addresses assigned to our ...
Hello all, I am now starting to wade into using profiling policies on our ISE system. I am looking to see if there is a way to see the data returned from a device as part of the profile process. I have been working to create an authentication policy ...
Hi, We are using the EPS unquarantine function in ISE 2.4, but it's a manual process where we have to copy/paste the MAC address of the client we want to unquarantine. Is it possible to do unquarantine through an API call instead? If so, are there ...
Resolved! ISE Express EOL/EOS and new versions?
Hi there, So, ISE Express is set to EOL and "End of SW Maintenance Releases Date :App SW" is set to January 31, 2020 . As ISE comprises the regular ISE VM with some license limitations, and the regular ISE VM will still have releases after January ...
