Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Good morning all.I feel I know the answer to this one, but does anyone know if ISE will gracefully shutdown (i.e. run application stop ise, followed by halt) when sent the shutdown signal from a Hyper-V host?My server team of course prefer if this is...
Hello all, could I get some advice on the ISE policy rules that you use to distinguish your users who may omit their domain suffixes when connecting to wireless (PEAP/MSCHAPv2)?We have some rules in place already, which I will detail below, but some ...
ISE 3.2 Patch 6We are having a recurring issue that is really becoming a problem now with some MAC addresses dropping their identity group after being placed into one.Example:1) Add MAC address to Identity group through Context Visibility -> Endpoint...
I am testing using automartport macros to enable a port for trunking to support Ap's in flexconnect mode (NEAT with templates doesn't work for us because you can't change to multi-host). This is generally all working ok with macros, however I have no...
We are in the process of moving from ISE 2.7 to ISE 3.2 and I am having real difficulty with the new user interface, specifically when selecting authorization policy results.The ISE 2.7 UI is perfectly clear and usable but the ISE 3.2 one is extremel...
Hi Jorge,We have seen several patches where Cisco claimed this had been fixed only to continue having the problem. However we have found that version 3.2 patch 9 released on Christmas Day 2025 has finally fixed the problem for us. Thank you Santa.App...
Have you changed the dot1x timer at all from the default 30 seconds x3 attempts?i.e. on the interface or template:dot1x timeout tx-period 8 I have found a lot of devices fail if they don't get a DHCP response within 30 seconds or less, they try to re...
Ok we have figured it out, the rule is matching whatever is configured in the "anonymous identity" field of the wifi setup (at least on Android).If left at the default "anonymous" it will not be matched by a rule looking for "@". I imagine ISE is onl...
I'm somewhat reassured that you are seeing the same problem! I have not yet raised a TAC case, I made this community forum post first to make sure I was not doing something stupid in my rules. But now it looks like it is a real issue.Further testing ...
Thank you for taking the time to reply. It looks like there is some scope for improving our ruleset there.As an educational organisation we also have a requirement to authenticate visitors from other educational organisations as well, so we do need t...
