About ffischer

ffischer · 10-10-2024

Hi, one of our clients runs a 2 Node ISE Deployment in a lets call it "very specific" environment.New reqirements should be be fulfilled by keeping the IP Address on one of the nodes but move from /27 to a /31 subnet mask on the ISE Eth0 interfaces. ...

ffischer · 03-19-2024

Hello, at a client we are running a large distributed deployment with 14 PSNsWe have enabled profiling to get visibilty whats on the network. If a device sensor on the switches recognizes and accounts an IP address on an port to the ISE,an automated ...

ffischer · 01-17-2024

Hello, consider a deployment where endpoints authenticate with EAP-TLS and ISE is using AD integration for retrieving and checking group membership of authenticating hosts. While registering new (or re-imaged) nodes to such ISE deploymentswe always r...

ffischer · 01-17-2024

Hello Cisco, we are running a Deployment with 18 ISE nodes; every node is joined to 4 Domainsresulting in totally 72 domain joins ! It is running for more than 5 years now without major issues. As you do not give any details,neither about the node no...

ffischer · 08-20-2019

Hi Cisco, Hi Community, One of my clients has exactly the same requirement. In our deployment we have 16 ISE Nodes in 7 Locations with several hundred Cisco switches as NADs.TACACS authentication, command authorization and command accounting is confi...

ffischer · 11-29-2024

For me, this answer would imply thatDuring an upgrade using the Backup and Restore method,all existing guest accounts including their passwords are preserved ?Can somebody definately confirm this ?Is there a really good reason why BRKSEC-2889 states ...

ffischer · 10-11-2024

Did some more tests on my lab VM... (ISE 3.2) on eth1:results: IP with /31 mask can be configured on ISE interfaceip default gateway can be set to the other IP address in this /31 netgateway on the /31 net can be pinged successfullyan IP address in a...

ffischer · 03-22-2024

MHM, basically this would be a valid approach...Meanwile I set up another eval VM with 3.2 and while installing digged a bit through the profiling design guide - nmap probeParagraph "NMAP Probe Endpoint Scan" says:"Endpoints that match the Unknown pr...

ffischer · 03-21-2024

Cisco Identity Services Engine Installation Guide, Release 3.2 - CiscoWell, I know the Node Communnication matrix, the ports and and the table "Required Internet URLs" for specific features at the end of this page.But imho it is not totally clear d...

ffischer · 03-21-2024

Nope. The switch device sensor reports an MAC/IP to ISE.On ISE, this triggers a nmap scan to the IP reported.I could switch this automatism off completely, but this would lower our visibility what gets connected to the net.I'd like to have more flexi...

Member Since	‎11-15-2001 08:50 AM
Date Last Visited	‎12-03-2024 12:01 AM
Posts	63
Total Helpful Votes Received	29

User Statistics

User Activity

Cisco ISE: support for /31 subnet mask on ISE Interface ? (RFC3021)

ISE - control NMAP - subnet inclusion ?

ISE: possibility to temporarily disable answering RADIUS Requests

CSCvu77718 - details ACTIVE_DIRECTORY_DIAGNOSTIC_TOOL_ISSUES_FOUND

CSCvm95153 - Collection Filters for TACACS needs to be more granular

Re: New ISE Implementation - Questions about the Guest User Base

Re: Cisco ISE: support for /31 subnet mask on ISE Interface ? (RFC3021

Re: ISE - control NMAP - subnet inclusion ?

Re: ISE - control NMAP - subnet inclusion ?

Re: ISE - control NMAP - subnet inclusion ?