Hello,I have configured trustsec vlan enforcement on the Cat9300: cts role-based sgt-map vlan-list 222 sgt 222 cts role-based enforcement cts role-based enforcement vlan-list 222but the command "show cts role-based sgt-map all" shows nothing...
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Forum Posts
Hi All, I see that when configuring the posture policies, all the conditions that I specify will be evaluated based on AND operation. But, what if I want to specify condition based on OR operation? This is because I have a requirement, where I am che...
Hi, I want to clarify about do we have any caveats when using the source IP/Subnet in the Redirect-ACL when doing posture with ASA or Switch. I didn't find any example out there with source address. Also, comment about the same with DACL ?
Hi, I want to perform 802.1x user authentication together with Machine Authentication using Client Certificates. The problem is with Machines that are not in AD. Our policy allow users to bring their own devices as long as they comply to our posture ...
Hello Friends,I am trying to add a repository in ISE2 to upgrade the ISE from version 2.2.0.470 to 2.4.I can successfully add the repository adding the host_key in the ISE secondary node. But when I do sh repository SFTP, I see the below error. isese...
I have been working with ISE for a few weeks now. The main thing I worked on was getting the secondary up and synced with the primary. Then I worked on getting some policies in place to access various vendors or networking gear. My next project is...
Hi team, Im totally new with the process of the upgrade, We currently have a set up 2 PANs and 5 PSNs, all on version 2.0.0.306.I have gone thru several documents where depicts very well the process, but wanted a third angle before making a good plan...
I am in the process of pushing out a new Anyconnect client from ISE. I have it working correctly on the inside of my network. I have a Cisco ASA that is also using ISE. Do I need to upload the same AnyConnect image to the ASA or will it pull the s...
Hi, For the last few times, our ISE is failing automatic configuration backup with the following error. " Status : Error: The data filesystem is 71 percent full, which is above threshold of 70. Backup aborted" I have come across a few bugs wh...
HiMy enterprise customer has ISE 1.4 running in their network. The PAN and MnT are VMs and PSNs are hardware appliance 3495. There are 37 PSNs in one cluster, along with 2 PANs and 2 MnTs. There is another cluster with 2 PAN, 2 MnT and 5 PSNs. For fu...
hi like the title says, is it possible to tie one radius server to a specific switchport and then have other ports tied to another radius server? i know one can define several radius groups but how do i assign them to specific ports. i mainly use c...
Is there any way we can delete bulk mac addresses from ISE Endpoint identity group?
Does ISE support TACACS authentication of network devices using public keys? Public key config would be on the network devices. This would be helpful for workflows where automation is being utilized. If so, any documentation out there?
Hi, Posture on Anyconnect is not working ok. Client stuck in pending status and after some long time switch to compliant status. Problem is solved when client is connects to wifi, then in that case client download all files and after that VPN with ...
Hi Jason, Trust you’re doing good. I had a quick question regarding single sign on feature for guest approval/denial. I saw the following video composed by you -: https://community.cisco.com/t5/security-videos/ise-2-2-single-click-sponsor-appro...
