Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm currently testing IOS 16.9 with IBNS2 network access config on a 9300-Series switch .
It seems that the session-timeout transmitted from Radius (ISE 2.4) is not triggering any re-authentication of the connected device.
I used/tested several way...
I often notice that updated feed policies are skipped because the policy was canged by an admin (me).In the past the cisco provided policies weren't detailed enought to use them for secure authentication policies, so I modified/added a lot of them.Is...
I am searching for a solution to automatically classify RogueAPs starting with a known string as friendly.I.e. all SSID is starting with TEST (i.e. TESTn3Tw0rk) should be classified as friendly.I already tried to setup a Rogue-AP-Policy containing Us...
Hi!I configured an IE300-Series-Switch to use an ntp server as time source and ptp to at as a boundary clock.Syncing the internal clock to the NTP time works as expected, but the ptp clock stays completely out of sync.So my question is how to sync th...
Hi!Regarding our international subsidiaries there are many names that contain the character "-" (i.e. Pierre-Pascal)When trying to create an new Guest Account the ISE refuses it because of an invalid character in the "First Name" field.In other formu...
If you're managing a bunch of switches and your monitoring is showing warnings for all of them all the time, you'll never notice when there is a "real" issue. Manually checking them all in a regular interval if there is a "real" issue or just some co...
From my view its not just cosmetic if a management system that is desired to automate/maintain switch configurations is showing an error where is none. It's not doing its job if you have to check them all manually.
We had the same issue, too.IP device tracking was causing this log messages at other switches.Configuring a no-track policy and attach it to the uplinks solves the issue.
device-tracking policy DEVICE_TRACKING_UPLINK trusted-port device-role switch ...
Hi Greg,I was never asking the ISE to become an Enterprise CA - I was just asking why it does not support Cisco products.E.g. for RADIUS DTLS with ISE the devices need to have certificates installed, but its own/internal CA is not supporting them.
