Network Access Control

Resolved! How to use different endpoint in compount condition

Hello to all, I've created severals endpoint groups, which are filled with MAC-Adressess. For example one group for printer, one for access points and so on. I can remember that on ISE 2.0 I created MAB compound conditions for authorization like ...

Resolved! ISE Guest access immediate access after sponsor approval

Hello all,I have a question. I am running ISE 2.4 patch 1.My use case is as follows:Guests that will come to the company need to do self-registration in the guest portal. They should fill in the form name, email etc. and who they are visiting. Then t...

How do I send TACACS+ logs from TACACS+ Server to a remote Syslog server?

Please, I need an urgent assistance. I am new to TACACS and I have this assignment to come up with a process to send TACACS+ logs from a client's TACACS+ server to a remote Syslog server where we can take the information into our SIEM for correlati...

Resolved! Port 9061 usage

Hi team,By default ,ADE-OS has 2 conn-limit commands. > conn-limit 5 port 9061> conn-limit 10 port 9060I know the 9060 is used for ERS API but I'm not sure about 9061.Could someone tell me the purpose of the TCP port?

Implementing Inline SGT (no SXP) Using ISE 2.4 and Cisco catalyst switch 3650 (IOS-XE 3.6.8E)

I am trying to implement the Role-based access control (using security tags) for users connecting to the domain. NDAC, Security groups and SGACLs are configured on ISE. Switch is successfully communicating with Cisco ISE as radius server as well as C...

Resolved! Programmatic Network Device Export

Looking for a way to programmatically export the ISE Network Device list (nightly).Because oops:The following URI is sent when exporting from the GUI, but fails when sent from postman (likely due to csrf check)/admin/GenericImportUploadAction.do?comm...

Resolved! Is there a TAC/Cisco supported deployment running ISE 2.4 virtual machines with a Small VM license (R-ISE-VMS-K9)?

Is there a TAC/Cisco supported deployment running ISE 2.4 virtual machines with a Small VM license (R-ISE-VMS-K9)? If I deploy VMs and match the hardware specs of a sns3515 we match a Large VM license. If I remove virtual CPUs to 6 to match the spe...

Resolved! Inactive MAC address report

Hello, i have a need to produce a ISE 2.3 report that will show MAC addresses from ISE database not being active in last 6 months. Is there any built in report that can be used for this purpose?

Can you use AD authentication for ACS 5.2 admin accounts?

Hi,I want to set it up so that when you log into any of the ACS 5.2 servers you have to use your AD credentials to log in and define what access you have. Is this possible? If so, how can this be set up?Thanks,Randy

Resolved! ISE operational backup via GUI doesn't work

Hi guys need some help.. the operational backup through the web GUI doesn't work. Neither via schedule nor on demand via "Backup Now" button but via cli it does.. Operational backup details shows: Status : Backup Failed: copy to repository ...

MACSec without NDAC

Is it possible to do downlink macsec without the full NDAC/SGA setup? I am trying to set up encryption from the PC's to the switchport and it is attempting, but never completes. I keep getting these two logs:(I have researched these logs but couldn't...

Resolved! Integration of ISE,AD and FMC using Passive Identity

Hi experts,We have a customer who wants to create rules based on username on FMC and wants to explore PxGrid and Passive Identity.My understanding is we integrate ISE and FMC using pxGrid and then integrate ISE and AD using passive identity.We then h...

Resolved! New ISE 2.4 with Legacy Licenses

Is it supported to install a new ISE 2.4 and add legacy licenses (Legacy Device Admin License, Legacy VM SKU)?

PIC identity mapping question about DCOM and WMI Registry key

i m following the PIC document: https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/pic_admin_guide/PIC_admin/PIC_admin_chapter_01000.html#task_784A7…when we talk to our Corp Sec and ID team for changing registry key to allow our account with full...

ISE Guest Anchor WLC using Public DNS

Hi guys,I have a similar setup with a guest anchor wlc.Based on this thread, it seems like the recommended design is to allow tcp/8443 to the psn from the dmz guest vlan.howon you mentioned the guest user needs access to the guest portal and possibly...

Network Access Control

Forum Posts

Resolved! How to use different endpoint in compount condition

Resolved! ISE Guest access immediate access after sponsor approval

How do I send TACACS+ logs from TACACS+ Server to a remote Syslog server?

Resolved! Port 9061 usage

Implementing Inline SGT (no SXP) Using ISE 2.4 and Cisco catalyst switch 3650 (IOS-XE 3.6.8E)

Resolved! Programmatic Network Device Export

Resolved! Is there a TAC/Cisco supported deployment running ISE 2.4 virtual machines with a Small VM license (R-ISE-VMS-K9)?

Resolved! Inactive MAC address report

Can you use AD authentication for ACS 5.2 admin accounts?

Resolved! ISE operational backup via GUI doesn't work

MACSec without NDAC

Resolved! Integration of ISE,AD and FMC using Passive Identity

Resolved! New ISE 2.4 with Legacy Licenses

PIC identity mapping question about DCOM and WMI Registry key

ISE Guest Anchor WLC using Public DNS

Cisco ISE on Azure Cloud

Cisco ISE 3.4 ENTRA_ID user/pass auth question

Triggering reprofiling with lower CF value

pxgrid invoke getEndpointByMacAddress api return 204

pxGrid Certificate-Based Authentication - 503 Service Unavailable

Generating users with active directory

Rehosting vm ise Cisco Licence

No SNMP queries possible from ISE V 3.3 to the device

iPSK Manager VM requrirements

IBNS 2.0 Err-Disable port if auth fails