Network Access Control

HiI am working on the ISE part of my DNA SDA customer. There are 2 ISE boxes and each ISE box running PAN, MnT and PSN personas. I would like to know how to enable Auto Failover between PAN. The below URL says, for enabling PAN Auto Failover, I need ...

Hey everyonei am trying to create a SSID that authenticates towards the ISE server, the only condition that should allow anyone to join is that their machine is domain joined. I am having issues using domain groups to match in my policies? i tried re...

Is there a way to have ISE only search for user under a specific OU/Group under AD when doing Authentication? I know that I can use ExternalGroup to only allow certain AD groups to be Authorized, but this is before that during Authentication. I came ...

Hi Team,In one of the ISE deployments we have facing issue with integration of the node with two AD domains, although one has been integrated the second one is still under process of integrating with ISE node. The issue is briefed as below:ISE (Prima...

On my ISE lab, password is aged and when I try to change it in CLI it says :Authentication Manipulation Token ErrorAny ideas on what to do?Rémi

Hello,Is there a way to randomise the time for the reauthentication for ISE clients? When we select "Reauthentication" in the authorization profile it asks me an exact time in seconds to do the reauthentication. If possible, I would like to enter a r...

Hi,Is it possible to make the following ISE  fields not mandatory for creating ISE guest portal accounts through the REST API (https://x.x.x.x:9060/ers/config/guestuser). If so how?portalIdguestTypelocationThe ISE 2.3 ERS SDK API Documentation shows ...

We are planning a two-node VM-3515 ISE 2.2 deployment for ASA and 6500 AnyConnect users with ISE posture and SGFW (SGT tagging and SGT based firewall rules and ISE-ASA SXP). Concurrent session number is about 100..300 so there is no scaling question ...

Hi, is ISE going to support SHA256 to do SLO in the next releases?Right now we have this info:"For this to work we need to set the secure hash algorithm to SHA1 instead of the default SHA-256.This is set in ISE relying party trust properties under ad...

Hi team,We have a potential large Customer for ISE, this Customer deployed a mix of Cisco and Avaya Switches, I do not find a NAD profile for avaya switches in the following page : ISE Third-Party NAD Profiles and ConfigsDo you have any profile for a...

We have a client whom authenticate WiFi clients using AD credentials. This is, WLC pointing to ISE as a radius Server, and the latter is looking up in the AD Tree.They are moving all their services to SSO authentication using ADFS, and they are askin...

Hi Champs!A quick question: We are running ISE 1.3 and would like to upgrade.Is there any stable version we could upgrade to?I see we can directly update from 1.3 to 2.1, but not to 2.2.Is it a good idea to update to 2.1?We are running ISE in distrib...

We have an issue with ISE selecting the appropriate AuthZ policy based on the device NDG name.  A customer has 200+ locations, with each location having a specific code to specify the geographical location / building / floor. Their business requireme...