About K_L

K_L · 11-05-2021

I am having an issue where some interfaces are having the pre auth ACL take precedence over the dACL. I can see the machines authenticating normally with do1x. The dACL is being applied to the interface permitting traffic. Yet, the machine is having ...

K_L · 09-23-2021

I'm also seeing this on a 9300 switch with version 16.6.2

K_L · 08-18-2023

For anyone else running into this issue, your best bet is creating it yourself.Under Policy>Profiling, create a new endpoint policy.Name it Cisco-RoomKit or something similar.Set a minimum certainty factor (I used 100)Exception action: noneNMAP actio...

K_L · 07-06-2022

We ran into this and had to use the following command as a replacement:hardware qos afd profile ultra-burst

K_L · 06-15-2022

I had this issue also. What you need to do is extract the contents of the CSC...tar.gz file until you get the "ise-apply-CSC....tar.gz" file. That is the one that needs to be installed.

K_L · 11-09-2021

Thanks! Yes, these are all Cisco devices. I just had it happen again with a different switch. I'm going to open a TAC case.

K_L · 01-10-2020

For the most part devices will still attempt to authenticate MAB or 802.1x. But with monitor-mode, there will normally be a default dACL that allows all traffic at the end of the authorization policy. So devices will try to authenticate first, but ev...

Member Since	‎01-10-2020 10:02 AM
Date Last Visited	‎01-19-2024 10:21 AM
Posts	7
Total Helpful Votes Received	5

User Statistics

User Activity

ISE: dACL not overwriting pre auth ACL

CSCvp62408 - Controller Port Errors with Cisco PDs

Re: CSCvj15306 - Cisco ISE Profile - Room Kit/Spark/WebEx Board missin

Re: hardware qos buffer profile on 93180YC-EX

Re: Invalid Content Error ISE 2.4 patch 14 Hot fix CSCvx85807_2.4.0.35

Re: ISE: dACL not overwriting pre auth ACL

Re: Authentication open vs authentication order mab | dot1x