Network Access Control

Hi all,   My customer just acquired ISE to be used as TACACS+ authentication (2 PAN/Mnt + 2 PSN) in two new data centers.   Which ISE version and patch are now the recommended ones? ISE 2.4 is long term, but I've seen a catastrophic bug (CSCvm93698) ...

Hi everyone,   New deployments include default secure syslog and UDP syslog categories.   1) If I'm interested in central logging to my MnT, can these remote syslog targets be unapplied to all logging categories? I would like the only remote syslog t...

Hi Experts,I am a newbie in ISE and having problem in my first step in authentication. Please help.I am trying to deploy a standalone Cisco ISE 1.1.2 with WLC using 802.1x authentication. The user authentication configured to be checked to ISE's inte...

Dears,Am working on ISE 1.1, and am facing a problem after the posture assessment for a machine, if the machine doesn't have the correct antivirus, the NAC Agent suggest the following link remediation: http://kaspersky.test.com, when the user tries t...

Hi All! I have a problem between Cisco ISE and Active Directory. After adding AD to Cisco ISE I have a Failed Status in Active Directory Diagnostic Tool, rest of test is working good. Test result:  DNS A record high level API query   ...

I have some questions about the traffic flows for ISE and encryption.Source : All ISE NodesDestination : All ISE NodesPort : TCP 12001Purpose : ISE Configuration replicationQuestion : Is this over TLS?Source : All ISE NodesDestination : All ISE Nodes...

Hello,   I have a router in remote location that I sent there without aaa config. Now that the router is up and accessible remotely, I would like to have aaa configured. Last time, I had a bad experience locking myself from the exc command. My questi...

Hello,   Do you know if it is possible to use TACACS+ authentication for Admin access on an ISE 2.2 deployment? (I mean admin access to ISE nodes)   Thanks and regards,   Víctor.    

Hi Experts,   We need to upgrade a distributed ISE deployment from 2.3 to 2.4 from the CLI, to remain AAA service online consistently. There is a question confusing me. As per the upgrade guide as below, after upgrading, the Secondary Administration ...

I'm looking for a best practice process for replacing an expiring 3rd party certificate used for Admin/EAP. I inherited a six node deployment and each node has the same Certificate for both roles imported, do all nodes need to have the same Cert for ...

I am trying to register my secondary node on my ISE 2.4 solution.  The nodes can ping eachother's hostnames and have each other's certificates. Is there a log that will tell me why they are erroring out?