Hi All, as SNS-3495 physical appliance announced EoL 2 years ago, just wonder if ISE 2.4 is officially supported on SNS-3495? or it's required to migrate to SNS-3595 instead? thanks,CH
This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other troubleshooting best practices.
Forum Posts
Hi, I'm wondering if there is a way to determine administration persona role through an API call. From a quick skim of the reference guide it seems you can do this for the monitoring persona role ( https://<ISEhost>/admin/API/mnt/Version ), but I...
Is it possible to do group mapping in ISE? I was able to do this in ACS and map an external AD group to an identity group when creating an access policy. Which would allow me to create a single authorization policy that would affect both internal and...
Hi Guys, I to enable a WLC SSID with the following requirements: 1) Layer 2 security is open. 2) Then users will need to get redirected to a CWA wherein they need to enter their username PW 3) The logs should should should show their usernames as...
Resolved! ISE 2.4 patch 2 pulled from CCO?
Anyone know when patch 2 is going to re-appear? According to the Release Notes (which are still downloadable) the patch was made available on Friday 27th July. Software Updates for Identity Services Engine Product Name: Identity Services Engi...
i have installed AnyConnect compliance module and posture condition related to Kaspersky installation and definition working fine with Kaspersky disabled on machine and when Kaspersky working on machine it stop compliance module from working while NA...
Hello Experts, I have a requirement to have the Vmware ESXi device administration facilitated through the AD account (AD is added in "joint point name" in ISE). How can we get this facilitated?
Hello, everyone, The following Device Admin Policy rejects access to a test switch:The following error message appears in the TACACS Live LOG:see : error_msg.pdfHowever, this Device Admin Policy works with a request for user data from the Internal Us...
One of my customers is using ISE and Aruba wireless. The Aruba wireless is broadcasting a Eduroam SSID. They are having issues with students authenticating to the Eduroam SSID. Below is the description of the issue: "The problem is in the user a...
We have enabled anomalous client suppression with Reject RADIUS requests from clients with repeated failures checked. Is it possible to view the blacklisted endpoints on ISE due to repeated client failures ?
Hi, I am a bit annoyed that ISE doesn't report what is wrong when it is unable to retrieve an AD group. I have different branches in my AD tree, but ISE is only able to retrieve groups from one of them. For example it can find groups under domain/...
ISE 2.3.0.298 External Sources: AD Mode: Monitor MAR: On (12hrs) Cisco Phones-EAP Switches: Correctly Configured per Interface Policy: Authentication: EAP-TLS - Network Access·EapTunnel Equals TTLS - Use Sequence (Internal Endpoints, AD) ...
Hi Team, I'm testing to issue certificates for EAP-TLS, and found expiration TTL is always set to 2 years for server cert. When I configured certificate templates for client cert, I could set 3652 days at maximum. But when I configured CSR for...
Resolved! Hits count policy on ISE
Is there anyway to keep the hits count on all active policy? After a reboot the accumulated counts are gone.
Resolved! Determining ISE Plus Licenses Needed
We have multiple site ISE 2.2 environment and are adding 2 new sites. Our current ISE License is; 50000 Base 3500 Plus. I am trying to find a way to determine how many new plus licenses we may need. In the past we have temporarily gone over the 3...
