Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About tisnow
06-28-2019
Stats
Member since
07-22-2008
27
Posts
9
Helpful
0
Solutions
Created by
tisnow
in Policy and Access
in Policy and Access
02-15-2018
05:04 AM
02-15-2018
05:04 AM
Sir Hyps, That's great news... To confirm, that if the client changes IP but doesn't trigger one of the methods of address detection (re-association, shutdown/logoff, etc) then we won't know. But in this case, since I would be transitioning from wired to wireless, I will now have a new RADIUS session so a new binding is created. Would this require ISE to be in Active as opposed to PIC mode as in your second example I understood that a passive ID learned from AD could be switched with a RADIUS message including MAC address. Tim
... View more
02-14-2018
05:20 PM
If I have a user on wired that we've been able to capture identity information from a kerberos login to AD. The user then unplugs docking station and moves to wireless without logging off (current issue is that firewall then see's a new connection with unknown identity information) — Is there any way ISE-PIC will see this IP address change if the only trigger is a new wireless association/login?
... View more
Labels:
10-29-2015
08:04 AM
This should help.
Configure ISE 2.0: IOS TACACS+ Authentication and Command Authorization based on AD group membership
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200208-Configure-ISE-2-0-IOS-TACACS-Authentic.html
... View more
10-29-2015
07:53 AM
ISE 2.0 has been released with 3rd party support and TACACS+
See the new feature documentation for scale and any ACS>ISE Caveats
... View more
08-11-2014
09:45 PM
Yes, it can be disabled. ise12/admin(config-password-policy)# no password-lock-enabled ? <cr> Carriage return Have you deployed an IPS in front of ISE to looking for HTTP Posts specifically for username/password? What if you had 5 different people logging into ISE at the same time and each mistyped the password. Would your signature fire? What if it was just 1 person with 5 incorrect logins? What if it's encrypted? Are you going to look for the ISE reply message of " Invalid username or password" 5 times then fire the rule?
... View more
02-25-2014
10:54 PM
2046 is likely related to an incorrect FTP (Not using Binary mode). Use "bin" keyword when FTP'ing otherwise it will default to ASCII mode and possibly the files were corrupted. Log into your Prime server then Cd to /opt/CSCOlumos/apache-tomcat-7.0.40/webapps/webacs/applications/common/flex/treetable . Issue the commands : md5sum framework_4.5.0.21746.swz md5sum mx_4.5.0.21746.swz md5sum spark_4.5.0.21746.swz Compare the MD5's to below [Path] / filename MD5 sum ------------------------------------------------------------------------------- mx_4.5.0.21746.swz 20e9863c8997ba1f7231e326f348fb79 spark_4.5.0.21746.swz 8a9c6a836f9dc0aaccfdccc33668f92d framework_4.5.0.21746.swz fa5da6e65212622e33a9a1a41fc1acea If they don't match, that's the reason for your signature failure 2046. To fix Login to PI as root Navigate to the following directory /opt/CSCOlumos/apache-tomcat7.0.40/webapps/webacs/applications/common/flex/treetable Delete the current files. Copy the files again using correct method above (Binary mode) Restart the PI services ncs stop ncs start Of course, you all could save yourself some trouble and give the PC access to the internet to download the correct Adobe files rather than using the Prime server to do system updates.
... View more
Created by
tisnow
in VPN and AnyConnect
in VPN and AnyConnect
10-09-2013
10:21 PM
10-09-2013
10:21 PM
Marvin, Prime 1.2 has supported for DMVPN so not sure what you mean about 1.3 "is not the tool to use for setting up a DMVPN" http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/quickstart/guide/cpi_qsg.html Also, see the DMVPN templates here http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.2/user/guide/create_temps.html#wpmkr1074176 Note, that was from 1.2, and Prime 1.4 has been released
... View more
03-06-2012
11:23 PM
What version are you running? Have you checked the VMware settings against the recommendations for memory/HD/CPU/etc? Have you checked that the VM is set to bridge mode? I've been runnint 1.0.4 in my lab for 4 months and have had it shut it down (improperly, due to power interuptions) and I haven't seen this problem.
... View more
12-02-2008
03:28 AM
Is there any reason why I wouldn't be able to see the "Package Sharing" tab under the CS-MARS forum. I'm trying to find some pre-built parser templates, primarily for Tipping Point boxes.
... View more
Labels:
Created by
tisnow
in Identity Services Engine (ISE)
09-06-2018
09-06-2018
looking at the localgroup seems to work but I don't have an AD to test
if that attribute is passed d...
09-06-2018
Has anyone successfully done a posture check for a) locally signed in
with admin rights b) LAR as an...
Created by
tisnow
in Identity Services Engine (ISE)
05-08-2018
05-08-2018
1A) Could we confirm 100 would work?1B) The documentation bug is here
-URL Redirect Mechanism and Au...
Created by
tisnow
in Identity Services Engine (ISE)
05-08-2018
05-08-2018
I have a partner that has successfully done a test on deployment ISE at
a regional hub with posture ...
02-15-2018
Sir Hyps,That's great news... To confirm, that if the client changes IP
but doesn't trigger one of t...
02-14-2018
If I have a user on wired that we've been able to capture identity
information from a kerberos login...
01-11-2017
Confirmed the followingDeleting from the group as RegisteredDevices
doesn't fix the problemDeleting ...
01-11-2017
"Administration > Identities > Endpoints"This purges the system from the
Database whereas removing f...
01-11-2017
Can you advise how to remove it "completely" from ise?I made the
assumption removing it from the Reg...
01-11-2017
"After testing some BYOD options, I was toying around with the guest
services deployments."The clien...
01-11-2017
After testing some BYOD options, I was toying around with the guest
services deployments.I've remove...
Created by
tisnow
in Identity Services Engine (ISE)
11-04-2016
11-04-2016
Thanks Jason and Hosuk.We've done a few things.1) The controller was
upgraded from 8.0.100.0 (No Ide...
Created by
tisnow
in Identity Services Engine (ISE)
11-01-2016
11-01-2016
Hi Jason,Thanks for the note.It seems to be happening with Android and
IOS.On the video recorded bel...
Created by
tisnow
in Identity Services Engine (ISE)
11-01-2016
11-01-2016
Apple devices connecting to a AP 700/WLC 2504. ISE 2.1Currently captive
bypass is disabled.Client co...
Public Statistics
| Date Registered | 07-22-2008 10:13 PM |
| Date Last Visited | 06-28-2019 12:02 AM |
| Total Messages Posted | 27 |
| Total Helpful Votes Received | 9 |
