Hello, is it possible to use two external identity sources one after the other? We do TACACS and RADIUS for admin access to network and security devices. In a first authentication step I need to ask AD because there is an MFA system connected to. But in a...
Hello, I configured now IPv6 network devices and we successfully authenticated with TACACS. But my TACACS log and the reports are empty. The internal logging is configured with the IPv4 addresses of the ISE appliances. And IPv4 device authentications ar...
Hello, I tried to configure some network devices in Cisco ISE 3.3 with IPv6 ranges, but it told that this is not a valid IP address. I tried it similar to IPv4, and also some other formats like 2aaa:1234:1234:1234::0001-0004 2aaa:1234:1234:1234::0001-2a...
Hello, I updated an ISE deployment from version 3.2p4 to 3.3p3. For backup I use a SFTP server with PKI authentication. This repository worked with the old version, but is not with the new one. I checked the host_key, added all new and added also the exp...
Hello, is it possible to authenticate users of the ERS API against an external identity source like LDAP? The API works well with a local admin account put in the admin group "ERS Admin". If I create another admin group mapped to an external role config...
You can convert the TACACS license to smart license like every other license for ISE. It worked for me straightforward. After this is done your ISE server should take it and add as many licenses as needed in your deployment.
Thanks for that description of your config. Yes, you are right, this LDAP syntax is always strange for me... We did some more testing today, and found a solution, I think. We configured it again from the beginning and now the roles can be used as expec...
Hello Arne, and thank you for the reply! I tried to configure that on my test system with v3.3p4. But it was not successful. For testing I added the internal user database in the authentication policy. In the authorization policy I added a condition for...
Yes it was empty. A service restart on the appliances doing the primary logging service helped. Now all looks fine and same for IPv4 and IPv6. No idea what happened here.... Thanks anyway!
Hello Thomas and thanks for the response! That means I must switch from wildcard objects in IPv4 to single device objects in IPv6. Do you know, is there a limit of network device objects in the ISE? Thanks!