Hi, I need your help for the following migration:- Current situatie: Cisco ACS with max 100 Radius devices and max 300 Tacacs devices. No end-users authentication using 802.1x, only managing access to devices via Radius and Tacacs. The ACS are runnin...
I have 2 sites Site 1: Domain - xx.ZZZ.com Wifi Authentication - 802.1x via Cisco ACS 4.1 Site 2: Domain - YY.ZZZ.com All 802.1x authentication works fines when two sites are connected via MPLS but when we migrate the traffic to S2S VPN the be...
Hi Experts, I see that Juniper is supporting CWA with these following switches here: https://apps.juniper.net/feature-explorer/feature-info.html?fKey=7084&fn=Central%20Web%20authentication The NAD profile on the communities has a profile for EX3300 s...
I have a problem with the phone system, connected to the ISE. The phone system contain two more phone devices behind the phone system and this phone system is connected to the network jack, i have assign multi host authentication mode but here, there...
Hi Experts, I have been struggling to integrate IBM Qradar and ISE via pxGrid. Been facing quite a few issues, initially, there was an issue with the DNS resolution, which we resolved. Then now all the configuration looks good and I can see that Qrad...
I'm trying to implement Wired Dot1x with mab backup for devices that don't support dot1x. Using ISE 2.4 for radius. I got dot1x to work fine with windows clients. Next step was to profile devices that don't support dot1x based on oui. I plugged my ...
Although Username has Privilege 15, show run command does not have authorization All other commands works. Below are AAA commands configured on switch. ======== username admin privilege 15 secret 5 xxxusername netadmin privilege 15 secret 5 xxx a...
Hello everyone,I would like to ask if there is a recommended interface configuration for supporting all methods of authentication in closed mode. Also, in Closed-mode, i would like to know if an ACL is needed in order MAB to work properly.I am gettin...
I have created a new SFTP repository on a ISE 2.3 Patch 4 primary admin node both in the CLI and GUI and run the Crypto host-key add host URL_of_SFTP server And I get the error below when I try to validate the repository. What did I miss for the co...
I am not even sure where to begin looking for the error. I recently discovered that my tacacs server (ACS 5.8.1) is allowing ANY username to authenticate - including ones that do not appear in TACACS. If you use a legitimate username and an incor...
Hello, I am trying to set up read only access to our nexus equipment using tacacs in ISE. I am currently following along with this documentation: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin...
Hi Team, Can DNA Center use Azure AD (IDP) as an external authenticator ? I have found this info but not sure whether ISE to Azure integration then flows through to DNA Center?https://community.cisco.com/t5/security-documents/notes-on-azure-ad-as...
By today it seems to be impossible to create a guest ticket on a certain time of day until a certain time of the same day. You always have to end the ticket on the next day or have to run it until end of business day which also implies that the tick...
Experience during a PoC Customer has roughly 3000 LAN switches that sit on a common VLAN per campus site. At some large locations there are upwards of about 60 switches on one subnet (e.g. 10.100.1.0/24) We were using the Visibility Wizard to disc...
Hi all, we have 3000 Clients, most of them working without any Problems. But we have some strange issues with some MacBooks, sometimes.... Most of the Time all is working fine, but sometimes we got some Problems, so the Client can't connect anymore...
