Network Access Control

Hi Team, My customer is wanting to do AV definition check as part of posture. for AV they have a compliance requirement on N-1, i.e. once the OEM releases a version they have to upgrade to that version in a month's time. If we enable posture conditio...

Hi @howon,   Going through your ISE sizing for TACACs+. https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--621954601     Can the ISE TACACs+ performance number be updated for 2.4 ?    Thanks

Hello all,I have a situation that I feel like needs another set of eyes. Installed ISE 2.4 last week, and had our test 7945G being profiled by the default IP Phone authorization rule, as we would expect, and "Permit Access". After configuring 802.1x ...

Hello Team,   I have the following question:   Imagine you have 2 interfaces on ISE:   fqdn ise.private.com G0 - 1.1.1.1 G1 - 2.2.2.2 ip host 2.2.2.2 ise.public.com   How ISE determines which FQDN to send back to NAD if both checkboxes are checked in...

A customer is taking advantage of the ESR5921 Software in ISE2.2 and has purchased the L-ISE-IPSEC= license and requires more than the 10Mbps thoughput.    Can they purchase this ESR5921 sku, LS-FL-5921-XL3-K9, to obtain 50Mbps throughput to this ISE...

if Endpoint/window PC is Booting up with both Connections(Wired and Wireless), and ISE is on Wireless only not on Wired, will End Point Authenticate in ISE? and ISE will be configured for both Machine and user authentication. 

As Machine Authentications with always happen first, and then User Authentication,  can we authorize policies based on machine Cert ? and also wants to do user Authentication ?   Eap-Tls and Peap and we are planning to use window native supplicant wi...

As Machine Authentications with always happen first, and then User Authentication,  can we authorize policies based on machine Cert ? and also wants to do user Authentication ?   (EAP-TLS and PEAP) and we are planning to use window native supplicant ...

Hi Gents,  One of my customers has the ISE servers below and currently in the phase of SDA deployment: - 2 nodes 3495 running 2.3 patch 1,4, personas Admin, MnT and PSN  --- in the main site  - 1 node 3495, persona PSN -- in DR site  - 1 node 3515, p...

Have a customer that had a policy change that caused many users to get locked out.  Management is nervous about the future of ISE and has asked the IT staff what is the "Shiny Red Button" that can be implemented to disable ISE policy for all users.  ...

We have a six node ISE cluster running 2.3 and I began the upgrade process via CLI to 2.4 on my secondary admin node as documentation recommend and the upgrade has been stuck at 10% for nearly 24 hours. It is stuck on step 4 of the upgrade process.  ...

Scale is published for dedicated deployments with 3595s. What is the scale if we were to dedicate 3515s from an existing ACS deployment (2) Admin nodes, (2) MnT nodes, (4) PSNs? Second, do we support any increase in scale by eliminating services such...

What API can be used to whitelist MAC address with a time limit. By calling EndPoint API we can Add an end point, but it seems end point API does not have any start time and expiry time field ?Can a MAC address be added within time bound for  whiteli...

Assume we configure ISE as the Primary and Duo as the secondary auth, which would function more like an OTP server than a Proxy. The questions I have are 1)  would ISE be able to pass radius attributes to the client with Duo as the secondary and 2) d...

Hello, I have an ISE 2.2 p9 deployment. domain1.com AD joined to ISE and working well for our users. Another domain2.com is also connected to ISE as we use 2-way trust between domain1.com and domain2.com.   domain1.com uses PEAP - this is our organiz...