Hi,
We are running ISE 3.2 Patch 3 and using EAP-TLS. We are performing both machine and user authentication. We are seeing issues with a large number of '5440 Endpoint abandoned EAP session and started new'. The issue we have is that they seem to be...
Hi,
Is there any way, using the Catalyst 9800 WLCs, to configure a critical access policy to enable clients that authenticate with 802.1X to access the network when the RADIUS server is down? On the wired, we can select this to place users in a certa...
Hi,
What options are there for enforcing SGT policy as close to the Virtual machine/application as possible in a VMware environment? I know previously we could have used the Nexus 1000V but with that no longer being solved, is there a solution for th...
Hi,
I have a customer that we are deploying Agentless Posture for and the plan is to use this as follows:
- Compliant = Network Access
- Non-Compliant = URL Redirect to web page to display next actions
Now the question is, when a user fails post...
Hi, Can the critical pool feature in SDA be used on multiple virtual networks at the same time? If so, I assume you'll require Data and Voice pools per Virtual Network, but how does this work with the default numbering of 2046 and 2047 for the VLANs ...
I’m working with TAC on this at the moment and they’re not sure the issue is MTU right now.
We have proved out that we can ping from site to ISE with an MTU of 1500 and ISE to site with an MTU of 1472.
Currently looking at the possibility that the ...
Thank you - so there is NO fallback for 802.1X. This is more around the capability, rather than the possibility of the RADIUS server going down.
An additional question - if we're not using 802.1X, but MAB with Layer 2 Filtering - is there a way to f...
Hi Laura,
I've tested this as part of a deployment and user or machine cert will work fine as long as it's being presented when a user is logged in to the device. I.e., if you're logged in and authenticate to your network with a machine or user cert...
Hi,
You won't need to use redirection if you're pushing the ISE posture configuration from your ASA.
I would recommend checking your client provisioning policy. Although you're not provisioning, this will still be checked. Make sure you have the...