Network Access Control

Resolved! ISE policy-sync between two ISE depyoments via REST-ApI

Hi all,is there a way to sync authentication/authorization policies between two distinct deployments automatically via REST-API?Thanks in advance.Roland

Resolved! Landesk ISE Posture Remediation Support

Hello,One of our customers has Landesk Patch Management solution in place. Their requirement is to do a posture check for latest patches and remediate using Landesk if the machine is not compliant. Is this functionality supported on Landesk?I could p...

Overlapping IP adresses for Network Devices in one ISE deployment

Hi all,my customer would like to place two PSNs - belonging to the same ISE deployment - into two different network segments:Segment 1 - PSN 1Segment 2 - PSN 2Now the issue is that these two network segements have overlapping adress spaces, which is ...

Resolved! High Availability for AD or LDAP servers in distributed ISE environment

Hi experts,How is high availability between PSNs and local AD/LDAP maintained ?In a distributed environment we add the fqdn of the domain on Admin Node and then all PSNs get joined to their local domain controller.If that local domain controller fail...

Resolved! Struts2 CVE-2017-5638

Hi,I'm going to patch 8 in several months. Does 2.2.0.470 with Patch 8 deployment still need Struts2 CVE-2017-5638 fix, aka "ise-applystrutsfix-signed.x86_64.tar.gz"?Thanks.

ISE 2.3 TACACS+ and ASA authentication: identify ASDM or SSH login

I am currently configuring an ISE 2.3 policy for TACACS+ to authenticate our devices, one of my goal is to distinguish when login requests comes from ASDM or SSH but I cannot find any meaningful parameter in TACACS+ that could help on this. On anot...

ACS 5.6 Local Users

I am looking to create some Local Tacacs users on my ACS server. I want to enable some password polices associated with it as well. Couple Questions: 1. When a users password is about to expire does it prompt the user when they ssh to the devic...

Resolved! ISE integrations (Red Hat Satellite, FireEye)

Hi,Do we have integration in the radar for:Red Hat SatelliteFireEyeBest regards.

ISE v2.3 Location base MAB Authentication

Hi, We are having difficulty setting a policy to authenticate known devices based on location & MAC address in ISE v2.3. I have created a network device group called "test" which I have my test 3650 switch in & an endpoint identity group called com...

How to distinguish between a serive not running and software not avialable

Hello Team,While checking for posture requirement there are two checks in customer environment1) To make sure that a software is currently running and if not we need to enable it as remediation (which was easy by checking the service condition and t...

Resolved! ISE 2.4 Convert From Traditional to SMART Licensing

We're rolling out a new deployment of ISE 2.4. We're still in the 90-day trial and everything is working as expected. Now we're trying to convert to SMART licensing. Seems straight forward - Admin/Sys/Lic then click Cisco SMART Licensing, choose Dire...

Resolved! ACS 5.8.0.32 Cumulative Patch 8 issue

I have a installed Cisco ACS 5.8.0.32 with Patch Level 7 and added Patch 8 on a SNS-3415-K9. The patch shows successfully installed an after the reboot. The Patch Level do not match. sh version Cisco ACS VERSION INFORMATION-----------------------...

Proper configuration for Radius login

Hello, I try to configure radius authentication on L3 switches on my production using the below config: (config)#aaa new-model(config)#radius-server host RADIUS_IP key RADIUS_KEY(config)#aaa authentication login default group radius local(config)#lin...

Resolved! Weird error in profile download during onbording

Hello, I am configuring BYOD flow in my lab with the following details:1) Wired scenario (the flow and everything was working well with previous version of ISE, so I assume the switch configuration is ok.2) I have upgraded to ISE 2.4 and rebuilding t...

Resolved! Remediation Option

Hello Everyone,I am sure I am not the first person asking this question but could not find anything around it so raising in this forum.I have a question in relation to remediation. We are using Anyconnect ISE posture stealth client and we are able to...

Network Access Control

Forum Posts

Resolved! ISE policy-sync between two ISE depyoments via REST-ApI

Resolved! Landesk ISE Posture Remediation Support

Overlapping IP adresses for Network Devices in one ISE deployment

Resolved! High Availability for AD or LDAP servers in distributed ISE environment

Resolved! Struts2 CVE-2017-5638

ISE 2.3 TACACS+ and ASA authentication: identify ASDM or SSH login

ACS 5.6 Local Users

Resolved! ISE integrations (Red Hat Satellite, FireEye)

ISE v2.3 Location base MAB Authentication

How to distinguish between a serive not running and software not avialable

Resolved! ISE 2.4 Convert From Traditional to SMART Licensing

Resolved! ACS 5.8.0.32 Cumulative Patch 8 issue

Proper configuration for Radius login

Resolved! Weird error in profile download during onbording

Resolved! Remediation Option

Live Webinar: B&M Security Transformation with Cisco XDR

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

Renew intermediate CA: potential impact on ISE deployment and EAP auth

Authenticating Servers via ISE

Guest Self-registration How to Validate Phone Number Length in ISE 3.1

Is it possible to assign a policy to a specific PSN node group?

ISE 3.3 p2 Problems with snmp v3

Logging into ISE via Okta

Cisco ISE 2.7 (EoL / EoS)

Profiling bug or something else...?

PT-TLS and PT-EAP implementation...

Can backup from ise 3.2 and restore to ise 3.3