Network Access Control

I suspect I know the answer to this, but thought that I would throw it out there anway...With Cisco ISE 1.2 is it possible to enable 802.1x machine AND user smart card  authentication simultaneously for wired/wireless clients (specifically  Windows 7...

Hi, I have an ISE RADIUS setup where I would like to return a different static framed IP address to a client based on the source NAS that issued the request to ISE. i.e. if NAS1 sends the request, return user1 framed IP address 192.168.1.1, if NAS2 s...

I have a doubt here.   Is there any other options available to do authorization of printer which don't have any domain credentials ? other than mab and profile attributes ? combination of (mab + serial number + any) for authorization ? Is it possible...

Hey guys   My client is migrating 4xACS deployments to 1xISE instance. The migration allows only 1:1 ACS to ISE. So my client migrated their biggest ACS env to ISE.   What is then the best way for my client to import the other 3xACS env policies to t...

Need a quick confirmation: on ISE 2.4 can a customer exceed license count without business impact both in short and long term? How about letting Plus/Apex lapse?   (I've seen out of compliance messages on 2.4 that worry me)

Dear All In my setup, I have two locations, Tower 1 & Tower 2. I have a PAP-T1, PSN-T1 & a MNT-T1 in Tower1 & only one PSN1-T2 in Tower2. All are in sync & running ISE 2.2 patch 3. Tower 1 & Tower 2 are connected across WAN.I am trying to add a PSN n...

I think this bug is hitting our ISE and we are not able to use AD-Join-Host-Point as one of authentication for host.   https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf55996

Hi team,   We get our laptops built at Dell and then shipped directly to the user. The computer will have a computer certificate issued through group policy when it is domain joined but it won't have a user certificate as the user has never logged on...

Good Morning,   I encountered the following problem with my ISE 2.3 installation regarding Device Administration. When ich configure the primary or secondary node for AAA everything works fine, Tacacs Auth, aso. When I replace the primary and/or seco...

Hi all, I would like to hide and auto-fill the location field on the Guest Self-Registration page based on the WLC or AP name (or any other value that potentially can be used for that). Is this possible through a script?   I am sure this has been ask...

Sorry for the quick question. But now I can't find ISE command to check interface link status. For example, now eth1(gigabitEthernet 1) stays admin:up, link status:down   C:\>snmpwalk -c ro -v 2c 192.168.10.1 1.3.6.1.2.1.2.2.1.2.3IF-MIB::ifDescr.3 = ...

Hey all,   Looking for  best practices on how security teams flag a BAD MACHINE (not user) and prevent it from connecting onto the network via VPN / Wired.   ** The idea is to block specific MACHINE not specific USER. ** User validated/authenticated ...

Our customer uses double authentication for ASA VPN with ACS as primary authentication using AD and ISE as secondary authentication using Safenet and RSA (both in one single identity source). They now want to move both primary and secondary authentic...

Hello All,   Can someone tell me what would be the reason if guest wireless redirection is taking long time.   We have setup ISE 2.3, patch 4, WLC 3500, 8.5 ver. AP 2800i   Thanks Kamlesh