Network Access Control

ACS 5.3 - 22056 Subject not found in the applicable identity store(s).

Hi, I have a new ACS 5.3 configure and a ASA5550 to authenticate VPN users using a remote LDAP server. Once I try to authenticate the users with the ACS it gives me the error message "22056 Subject not found in the applicable identity store(s)."I che...

Resolved! SXP Import/Export Documentation

I'm not certain the exact IOS version these two commands were initially released in, but could we get them added to the configuration guides where they should have first appeared (maybe? 3.17.3/16.3.2/16.4). As of right now they are only mentioned w...

Resolved! How to define a SGT for address is any?

Hi:Team:Is there a way to use a sgt represent ip address is any ? After customer deployed the sda fabric , some acl just like deny ip 172.30.0.0 0.0.255.255 any can not change to sgaclHow we can use sgacl replace transitional acl which one th...

Resolved! TrustSec Enforcement Support for IE 2000/3000 Switches

Hello TrustSec Experts-I have a customer that is interested in deploying TrustSec but most of their switches are the Industrial IE 2000/3000 models. According to the latest TrustSec bulletin (https://www.cisco.com/c/dam/en/us/solutions/collateral/ent...

IBNS 2.0 complex policy

I thought I would see if the community may a policy that works for the following. Configure concurrent mab and dot1x. So this is in the policy. event session-started match-all 10 class always do-until-failure 10 authenticate using dot1x prio...

DACL issue on 2960s switches

Hello guys, I ran into an issue while testing deny access on ISE. I blacklisted the MAC Address that was used during the test. The DACL "deny all traffic" which is explicit deny was downloaded to the switch and remain static on the switch. after th...

RADIUS MAC authentication host-mode multi-auth with dynamic ACL (2960s)

Hello All, May I ask when a port configured to host-mode multi-auth as there is another switch plugged into that port and have number of end devices. Does the dACL be valid in this situation to each end client? Port configuration like this for re...

How to use 2 radius server on 2 radius group ? Cisco 3825

Hello. I would like to know how to add a second group radius with a second radius server on an L2TP server (cisco 3825) to separately authenticate routers arriving on a common VLAN. If possible, from the remote router, we should be able to choose the...

Wireless Device profiling recommendations

Hello Profiling experts, I am busy reading through the profiling design guide and it's very detailed and useful. I would probably have to re-read it a few times for it all to sink in. The thing that I cannot understand is how one even gets to a p...

Resolved! ISE node becomes unjoined from AD

A couple times over the last week, one of my ISE nodes has become unjoined from AD. Does anyone know what could cause this? Running 2.4.0357. Thanks.

Resolved! ISE 2.4 API header to send email to guests

I am running ISE 2.4.0.357 and the function to send e-mail to guests by using API calls is not working.I guess that the documention is informing the wrong headers for this call.This is what I see in the live documentation (https://1.1.1.1:9060/ers/sd...

ACS backup file not visible in repository

Hi All, I have created a FTP repository and copied the ACS config backup ( ACS-Backup.gpg ) along with other ACS patches in the folder but when i am trying to access the repository then ACS-backup.gpg is not visible, rest all the files are visible....

Resolved! ISE external admin Data access

I have created a new Policy for admin access. It references a Group in AD, I am able to login with out issues and have access to all menu's but I don't have access to some of the Data. For example I don't see any of the Endpoint or User Identity Gr...

ISE & ArubaOS

We're having an issue since one of our partner organisations replaced their Aruba wireless controllers running ArubaOS 6.x with newer ones running ArubaOS 8.x. Prior to the change our users had no issues getting connected in their buildings but since...

Multi-tenant admin group for ISE platform

Hi Team, Customer using 2.3P5 version, Currently it only supports single tenancy (ie. Single Admin group). Customer looking at migrating four different networks to this platform and there may be a requirement to have the different operational groups ...

Network Access Control

Forum Posts

ACS 5.3 - 22056 Subject not found in the applicable identity store(s).

Resolved! SXP Import/Export Documentation

Resolved! How to define a SGT for address is any?

Resolved! TrustSec Enforcement Support for IE 2000/3000 Switches

IBNS 2.0 complex policy

DACL issue on 2960s switches

RADIUS MAC authentication host-mode multi-auth with dynamic ACL (2960s)

How to use 2 radius server on 2 radius group ? Cisco 3825

Wireless Device profiling recommendations

Resolved! ISE node becomes unjoined from AD

Resolved! ISE 2.4 API header to send email to guests

ACS backup file not visible in repository

Resolved! ISE external admin Data access

ISE & ArubaOS

Multi-tenant admin group for ISE platform

NEAT and MACSEC

Secure Client and Posture module upgrade

Cisco ISE on Azure Cloud

Cisco ISE 3.4 ENTRA_ID user/pass auth question

Triggering reprofiling with lower CF value

Cisco ISE CRL

Installing FMVv

System certificate problems

ISE Integration queries with Catalyst Switch

Generating users with active directory