We’re implementing a script-based posture condition in Cisco ISE to check domain join status on endpoints.As part of this setup, we’ve added the SHA-256 fingerprint of the ISE PSN's portal certificate into the AnyConnectLocalPolicy.xml file on the en...
Hi everyone,We are facing an issue with Intune-ISE integration, where ISE is not recognizing managed phones (iPhones & Android) as registered and compliant, even though Intune shows them as registered and compliant Scenario:When an iPhone connects to...
Configured an identity group and assigned it to the Hotspot Portal in Cisco ISE.Issue: When an endpoint hits the Hotspot Portal, its MAC address is not being stored in the configured identity group.Instead, the MAC address is being stored in the defa...
Yes, I tested that as well.I disabled one PSN in the F5 pool and even powered off the same PSN to ensure all traffic goes to a single PSN, but the issue still persists. F5 still doesn't forward the RADIUS request to the active PSN.
The F5 VIP is not sending the RADIUS Access-Request to ISE at all. In my setup, the F5 internal interface (10.2.2.30) is added as a NAD in ISE , so any traffic from F5 to the PSNs would appear as coming from that IP.However, on the ISE side, I’m only...
Yes, I ran a packet capture using Wireshark to trace the flow.From what I observed:The Meraki switch (10.1.1.293) is sending the RADIUS Access-Request to the F5 VIP (10.1.1.220).Separately, I also see the Meraki switch directly hitting PSN1 (10.2.2.4...
