Network Access Control

Resolved! ISE vulnerability scanner support for Rapid 7, Venafi and Nexpose

Currently ISE 2.1 supports Qualys for vulnerability scanner integration (Threat Centric NAC) - customers have asked about roadmap support for Rapid 7, Venafi and Expose.

Network Setup Assistant - No active interface

When running on Surface 3 Windows 10 Pro 1709 I can see in the spwProfile.log the following: Identifying wired and wireless network interfaces, total active interfaces: 0 Yet when running on Surface Pro 3 Windows 10 Pro 1709 I get : Identifying wired...

Cisco NAC Agent failing To popup on windows 10

Hi.I have a problem in my environment.Currently we are using ISE 2.3 with dot1x (machine & user authentication) and posturing.We are using Cisco NAC agent 4.9.5.8 for all windows machines.OS machines version is Microsoft windows10. in my network used...

Undocking and docking back puts the PC on the default VLAN

We are using ISE 2.2 patch 5 and AnyConnect 4.5 NAM module as the supplicant for 802.1x authentication. We are using Cisco 3850x switch with 16.6.1 Everest code. We have run into a weird issue: When a laptop (WIN 10) is undocked and docked back, wir...

How to Renewal ISE licenses in HA

Hi we have 2 x ISE deployed in HA. our current licenses are going to expire and we want to renew the licenses. i have following queries 1- do i required separate licenses for both nodes in HA or just single license on Primary node would be suff...

ASA Host scan faills due to inactive Windows AV

Hi I have enabled the host scan in the ASA and created a dynamic access policy to check if the host machine has valid AV and it is active not more than 15 days old . Script in the DAP policy is (assert(function() local update_days = "15" --days lo...

Resolved! Audit Point picks up Tacacs+ Vulnerability

Background:My customer has raised a question based on a vulnerability raised by their security team on TACACS+. The actual audit point was that there is “no integrity checking available and the use of MD5 encryption” This issue was this raised as p...

Resolved! ISE Authorization Rule

Hello, what would be a good authorization rule to authorize PCs to be imaged. They’re not on the domain and they will be applied a dacl that gives access to the imaging server and internet only. I’m trying to distinguish it from the default authoriza...

Debugging ISE ERS errors

I'm trying to use the ISE ERS to create a networkdevice (ISE 2.2). Any hints debugging a "405 Method Not Allowed" response? I'm guessing my JSON data is bad, but a pointer to what is wrong would be very helpful.

Resolved! MAB and dynamic VLAN assignment

Hi, have set up ISE so it will dynamically assign vlans based on users and user group, but ran into a problem with devices that do not have 802.1x Is there any way where users could log into their device portal and add their mac address and have th...

Resolved! Guest portal with OTP implementation

Hi team,I would like to know if the following implementation can be done on ISE: * Guest opens self-register portal and already sees the fields that he has to fill in * Guest fill the fields and clicks register * Username and password is sen...

Resolved! ISE - Guest flow

Hi All,Got a query regarding ISE Self-registration portal and sponsored portal.We are integrating ISE with Meraki AP and customer would like to have Guest self-registration for APs in certain sites and follow sponsored guest access for APs in differ...

Resolved! ISE Context Visibility Certificate Error

I have ISE 2.3 with latest patch. Has anybody run into this issue. I checked and I do have A and Pointer records created in DNS. I have the certificates installed in the Trust store. Thanks,Alex

Resolved! ISE Reporting - Last Time Device Logged Into Network

I have some data purging setup to automatically purge devices when they are inactive for so long. I would like a report that will show me a list of statically profiled devices that are coming close to being purged or have not logged into the network...

Resolved! ISE posture with AnyConnect

Hi,We're implementing ISE posture with AnyConnect VPN. In the uknown state dACL we had to allow quite a few ports to our domain controllers to get Microsoft NLA (network location awareness) to work, which makes it a bit less secure. Still very secur...

Network Access Control

Forum Posts

Resolved! ISE vulnerability scanner support for Rapid 7, Venafi and Nexpose

Network Setup Assistant - No active interface

Cisco NAC Agent failing To popup on windows 10

Undocking and docking back puts the PC on the default VLAN

How to Renewal ISE licenses in HA

ASA Host scan faills due to inactive Windows AV

Resolved! Audit Point picks up Tacacs+ Vulnerability

Resolved! ISE Authorization Rule

Debugging ISE ERS errors

Resolved! MAB and dynamic VLAN assignment

Resolved! Guest portal with OTP implementation

Resolved! ISE - Guest flow

Resolved! ISE Context Visibility Certificate Error

Resolved! ISE Reporting - Last Time Device Logged Into Network

Resolved! ISE posture with AnyConnect

EAP-TLS Device Certificate for Entra Joined Devices with Intune

Posture assessment report never finishing

NetFlow Probe Profiling – Missing IP and Port in ISE Context Visibili

Default Route SGT

PX Grid Connector and Service NOW

can no longer ssh into the Primary Admin/Secondary MnT node

NTLM Disabled and ISE-PIC

Impact of Resetting ISE Context Visibility on Endpoint Connectivity

Cisco ISE posture for Wi-Fi is stuck on Action Needed

ISE pxGrid client/server certificate creation and renewal