I'm trying to use Ansible "cisco.ise" module to add an LDAP server to ISE. There are modules to add an AD server (cisco.ise.active_directory), but I don't see anything for LDAP in this Ansible collection https://docs.ansible.com/ansible/latest/collec...
Hi,I have established connection between ISE 3.2 and Azure with REST ID. Users I can authenticate but I can't do the same for PCs. I know there is limitation: Note: ROPC is limited to User authentication since it relies on the Username attribute duri...
We are running in a particular issue when attempting to log into to the ISE appliance through the CLI on the KVM. When prompted to input the password we are asked to reset the password. After inputting the old password followed by the new password, y...
I've started to dive into ISE with virtual images running in EVE-NG. What i'm finding out is that some of the features we need to know just don't work (or at least I'm running wrong images) such as web redirection. Has anyone had luck using a virtu...
Hi all Just curious if there is a way in ISE to see the endpoint supplicant being used (Windows Native vs Cisco AnyConnect NAM)?Not sure if this possible - thought id ask.
I previously posted an issue of getting Wired ISE and 802.1X working properly with Windows Native Supplicant. That issue was resolved and the deployment of Wired ISE is coming along nicely.I now have a new issue that popped up recently...Components:W...
One of my PSN node has expired certificate. How can I need to do to change expired certificate? now I can't to generate CSR because of error "You are attempting to generate a CSR whose subject matches the subject of an existing certificate on the sam...
Hi all,I’m experiencing an annoying problem when configuring SXP between ASA and ISE for a PoC environment. I have configured Radius and basic Trustsec and ‘everything’ works fine until SXP is configured. SXP (ASA) won’t connect regardless settings o...
Ultimately we want to use AuthC via certificates for our FTD RAVPN users.We want to be able to use ISE's Internal CA to issue those certificates to endpoints.I can't seem to find documentation how to issue the certificates.I know how to setup a RAVPN...
I am in the process of standing up 6 new SNS-3755-K9 servers. They are running 3.1 software. I just did a back up/restore on the new environment from our production in order to get a lot of the configuration stuff done. When the nodes came back up I ...
In the middle of a update from 2.7 to 3.2. Currently each has 1 PSN and 2 PANCurrently running both in parallel due to an issue.Built the new node, imported the backup from the 2.7, registered certificates configure as a PAN as well and tested authen...
Hi all;Please refer to the following link that explains the "Allow Kerberos SSO" option in Sponsor Portal settings:https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/admin_guide/b_ise_admin_3_1/b_ISE_admin_31_guest.html#concept_srz_bkb_4dbIf you ...
I just migrated from ISE 2.2 to ISE 3.1 and I am having an issue now where a lot of my endpoints come online on the switch, and ISE puts them in the correct VLAN, but by that point, the endpoint has already received an IP address from the VLAN on the...
Hi Experts, Every time the Secure client posture process starts, it warns about untrusted certificate for the PSN it is connecting. Certificates are issued by the internal CA and the computer has the root and intermediate CAs certificates added into ...
I need to create a read only custom privilege level for an automated service acct that can execute the show run and show tech commands. I used privilege level 2 for the radius authentication and have the below commands set on my test switch. I am abl...
