About Sven Hruza

Sven Hruza · 03-19-2025

Hello,is it possible to use two external identity sources one after the other?We do TACACS and RADIUS for admin access to network and security devices.In a first authentication step I need to ask AD because there is a MFA system connected to.But in a...

Sven Hruza · 01-24-2025

Hello,I configured now IPv6 network devices and we successfully authenticated with TACACS.But my TACACS log and the reports are empty.The internal logging is configured with the IPv4 addresses of the ISE appliances. And IPv4 device authentications ar...

Sven Hruza · 11-06-2024

Hello,I tried to configure some network devices in Cisco ISE 3.3 with IPv6 ranges, but it told that this is not a valid IP address.I tried it simillar to IPv4, and also some other formats like2aaa:1234:1234:1234::0001-00042aaa:1234:1234:1234::0001-2a...

Sven Hruza · 09-24-2024

Hello,I updated a ISE deployment from version 3.2p4 to 3.3p3.For backup I use a SFTP server with PKI authentication. This repository worked with the old version, but is not with the new one.I checked the host_key, added all new and added also the exp...

Sven Hruza · 09-09-2022

Hello,is it possible to authenticate users of the ERS API against an external identity source like LDAP?The API works well with a local admin account put in the admin group "ERS Admin".If I create another admin group mapped to an external role config...

Sven Hruza · 03-26-2025

You can convert the tacacs license to smart license like every other license for ISE.It worked for me straight forward.After this is done your ISE server should take it and add as much licenses as needed in your deployment.

Sven Hruza · 03-21-2025

Thanks for that description of your config. Yes, you are right, this LDAP syntax is always strange for me...We did some more testing today, and found a solution, I think.We configured it again from the beginning and now the roles can be used as expec...

Sven Hruza · 03-20-2025

Hello Arne, and thank you for the reply!I tried to configure that on my test system with v3.3p4. But it was not successful.For testing I added the internal user database in the authentication policy.In the authorization policy I added a condition for...

Sven Hruza · 01-24-2025

Yes it was empty. A service restart on the appliances doing the primary logging service helped.Now all looks fine and same for IPv4 and IPv6.No idea what happened here....Thanks anyway!

Sven Hruza · 11-07-2024

Hello Thomas and thanks for the response!That means I must switch from wildcard objects in IPv4 to single device objects in IPv6.Do you know, is there a limit of network device objects in the ISE?Thanks!

Member Since	‎09-29-2006 12:59 AM
Date Last Visited	‎03-20-2025 01:13 AM
Posts	336
Total Helpful Votes Received	103

User Statistics

User Activity

ISE - Querying two external sources one after the other

Cisco ISE - TACACS logging for IPv6 network devices

Cisco ISE - Network Devices with IPv6 ranges

Cisco ISE 3.3p3 - repository with PKI auth is not working

ISE 3.1 ERS API authentication via external identity source

Re: Device Admin license in Cisco ISE

Re: ISE - Querying two external sources one after the other

Re: ISE - Querying two external sources one after the other

Re: Cisco ISE - TACACS logging for IPv6 network devices

Re: Cisco ISE - Network Devices with IPv6 ranges