Adding Network Devices to ISE?

Similar Messages

• How to import network devices on ISE 1.2

  Hi, experts,
  I'm trying to import network devices on ISE 1.2.0.899
  so I downloaded the template and opened with notepad and wrote all the nessesarry information.
  and I tried to upload to ISE, and it just said import failed. no reason..
  does anyone know how to do it ?

  Hi jiyoung
  This import failed error might occur due to following reasons so please make sure that :
  You are not running two import jobs of the same resource type at the same time. For example, you cannot concurrently run two import jobs to import network devices from two different import files.
  More over please make sure that while configuring the network devices you are performing job from a super admin or network device admin group.
  Best Regards:
  Muhammad Munir
  Hi, experts,
  I'm trying to import network devices on ISE 1.2.0.899
  so I downloaded the template and opened with notepad and wrote all the nessesarry information.
  and I tried to upload to ISE, and it just said import failed. no reason..
  does anyone know how to do it ?

• Multiple Network Device Groups when importing to ISE using template

  I have a question about importing a group of network devices into ISE using the template provided. The template only has a single column for Network Device Groups - is there a way to import devices and include more than one NDG? For instance, the NDG's we use are "Device Type" and "Location". I'd like to include both when doing my import and I've tried multiple ways to seperate the two strings within the column (comma's colons, semi-colons, spaces, pipes, tabs, etc), but i always get an error message that "NDG group does not exist". I also tried adding a new column into the template, but that just plain failed to import.
  If there is any way to do this, I would appreciate any advice on how - I have to add about 40 devices per week to our ISE deployment and I'd rather not have to go in and add any parameters manually if it can be helped. Thanks very much!
  Ross
  BTW, we are running ISE ver 1.1.2 in case it is relevant.             

  Yes, you can do it. You have to use the pipe "|" to separate the groups. But please notice you must create the network device groups in advance.
  For example, I have the following groups in my csv file to import a lot of network devices
  Device Type#All Device Types#SWITCHES#375O-X|Location#All Locations#PERU#LIMA
  But as a pre-requisite I have to create the network device groups.
  If you have lots of network device groups, you can mass import them instead of creating them one by one.
  Please rate if it helps

• ISE 1.2 network device editing

  I have upgraded to ISE 1.2 and the latest patch and noticed a bug where editing network devices, you are unable to save changes as the "Save" button is greyed out. It also appears to have SNMP unchecked for all devices even though there is configuration for them.

  Hi
  Make sure that you have defined Security Group Access (SGA)-enabled devices in Cisco ISE to process requests from SGA-enabled devices that can be part of the Cisco SGA solution. Any device that supports the Security Group Access solution is an SGA-enabled device.
  SGA devices do not use the IP address. Instead, you must define other settings so that SGA devices can communicate with Cisco ISE.
  If you are importing network devices from previous release then You cannot import network devices in Cisco ISE, Release 1.2 that are exported in previous Cisco ISE, Releases 1.1 and 1.1.x as the import template for these releases are different.
  You can import a list of device definitions into a Cisco ISE node using a comma-separated value (CSV) file. You must first update the imported template before you can import network devices into Cisco ISE. You cannot run an import of the same resource type at the same time. For example, you cannot concurrently import network devices from two different import files.

• ISE Could not locate Network Device or AAA Client

  When authenticating using 802.1x and MAB, I recieve an authentication failure with the error 11007(Could not locate Network Device or AAA Client). The root cause that ISE spits back at me is "Could not find the network device or the AAA Client while accessing NAS by IP during authentication." I did pretty much everything by the book except instead of using a loopback interface I used a vlan with a defined ip address.  Could this be causing the problem?
  Here is the config of the port that I'm testing on:
  interface GigabitEthernet1/0/9
   switchport access vlan 9
   switchport mode access
   switchport voice vlan 8
   ip access-group ACL-ALLOW in
   srr-queue bandwidth share 1 30 35 5
   queue-set 2
   priority-queue out
   authentication event fail action next-method
   authentication event server dead action reinitialize vlan 4
   authentication event server dead action authorize voice
   authentication host-mode multi-auth
   authentication open
   authentication order dot1x mab
   authentication priority dot1x mab
   authentication port-control auto
   authentication violation restrict
   mab
   mls qos trust device cisco-phone
   mls qos trust cos
   dot1x pae authenticator
   dot1x timeout tx-period 10
   auto qos voip cisco-phone
   spanning-tree portfast
   service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
  end

  I can ping both the vlan and the endpoint from the ISE.  As far as allowing ISE to speak snmp and RADIUS to the NAD, I have enabled it on the NAD config inside the ISE. I have also double checked the snmp and radius shared passwords.
  I have gotten MAB authentication to work but I am still getting the same error for dot1x authentication. Here are some of the configs on the switch.
  aaa new-model
  aaa authentication dot1x default group radius
  aaa authentication dot1x defualt group radius
  aaa authentication dot1x group group radius
  aaa authorization network default group radius
  aaa accounting dot1x default start-stop group radius
  aaa server radius dynamic-author
  aaa session-id common
  ip radius source-interface TenGigabitEthernet1/0/1
  radius-server attribute 6 on-for-login-auth
  radius-server attribute 6 support-multiple
  radius-server attribute 8 include-in-access-req
  radius-server attribute 25 access-request include
  radius-server dead-criteria time 5 tries 3
  radius-server host 10.10.10.47 auth-port 1812 acct-port 1813 test username test key 7 097940581F5412162B464D
  radius-server vsa send accounting
  radius-server vsa send authentication
  dot1x system-auth-control
   authentication order dot1x mab
   authentication priority dot1x mab
   dot1x pae authenticator
   dot1x timeout tx-period 10

• ISE Failed to Create Network Device Error

  I am trying to add new network device to a new out of the box ISE 3315 appliance under the Administration > Network Resources section.  I was able to do this the other day but now when I try I get an error that says "Failed to create network device.  System Error!
  Any ideas?  I tried a reboot, and Iam pretty certain I was able to do this a few days ago.  Its a lab device so only I have touch it.  Only other thing I can think to add is that I am running on an eval license until my regular licenses arrive.  From what I see I have 81 days left on my base and advance package eval licenses.

  Is there a certain amount of AAA client for that eval license?
  Thanks,
  Scott Fella
  Sent from my iPhone

• Loose wifi when adding a networking device to my Fios Actiontec router

  Ok so here's the story:
  I switched to FIOS from another company recently. So far so good. I have a main hard wired desktop and 2 laptops w/wifi. All runon Window Vista
  Starting about 2 weeks, ago, I coudn't connect wiressly anymore. I tried everything (re-booting, re-installing, etc etc, you name it). All I would get was "Local Access Only" (on all 3 computers) when trying to go wireless.
  I spent a good while with a VZ tech on chat and in the end, he decided it was best to send me a new router.
  The new router arrived today. And go figure, that was not the issue. I connect everything as instructed and still would have no wi-fi.
  So..after much thought, I decided to unplug my Aruba Networks device from the router. It's one of those devices used to download data from a hand held computer like the one's UPS drivers use: http://www.arubanetworks.com/
  AND! now it works like a char, wi-fi back on, on all 3 computers, fast, no problem.
  I a assuming that there's some sort of networking/IP/whatever conflict between the Aruba controller and the router. Problem is, my boyfriend really needs it connected and I really need my wi-fi. So...any idea how I would go about adding this device to the router without causing any conflicts to my network?
  THANKS!
  Alex
  Solved!
  Go to Solution.

  Has your boyfriend rerun the provisioning process since you switched to FIOS?
  There is a quickstart guide here:
  http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/23814/1/RAP...
  That quickstart doesn't give any information on how the RAP-2WG interfaces with a local LAN.
  You're probably going to have to get you boyfriend's IT department involved.
  My guess is that the Aruba device is trying to "own" the 192.168.1.x subnet, which is what the FIOS router uses.

• Support for Network Devices

  Hi All,
   I am working on the network evaluation for a client environment and was looking for using Prime Infra as a solution for Network management. I see that following devices are not listed in the support matrix. Can someone help me to understand if this can be monitored and managed in cisco prime Infra 2 ?
  Cisco 2248
  cisco 4948
  cisco 4300
  cisco 3745
  cisco ASA FWSM
  Cisco WS-C4948
  Cisco C3550-48
  Cicso C3550-24
  Cisco C4006
  Cisco WS- CBS3020-HPQ
  Cisco WS-CBS3120X-S
  Cisco WSX 5302
  Skr...

  What version of ISE are you on? There isnt a maximum number of network devices listed anywhere but I am sure that exceeding 500 is no where near the threshold. What has worked for me in the past is adding one device manually and exporting that device using the csv method and use that csv to add the other devices ip address and copy and paste the same columns.
  It could be something as simple as missing a field where the UI isnt catching or an undocumented issue that are hitting.
  Thanks,
  Tarik Admani

• Discovering Network Devices with SNMP not working

  I have implemented SCOM 2012 SP1 CU5 on Server 2008 R2 with SQL 2008 R2 all installed on the same VM running side by side with SCOM 2007 R2 v 6.1.7221.0. I have almost fully decommissioned SCOM 2007 and all that remains on it is 2 network devices that
  I cannot discover with SCOM 2012 using SNMP, no matter what I try. If I just use ICMP the discovery works. I have checked both the devices and SNMP is enabled and if I run this snmpwalk command on both devices I get a response;
  c:\Support\SNMP Walk>SnmpWalk.exe -r:10.X.X.XX -v:1 -c:"public" -os:.1.3.6.1.
  2.1.1 -op:.1.3.6.1.2.1.2
  SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
  [ More useful network tools on http://www.snmpsoft.com ]
  OID=.1.3.6.1.2.1.1.1.0, Type=OctetString, Value=NetMan 100 plus
  OID=.1.3.6.1.2.1.1.2.0, Type=OID, Value=1.3.6.1.4.1.5491.6
  OID=.1.3.6.1.2.1.1.3.0, Type=TimeTicks, Value=5 days, 1:58:58.04
  OID=.1.3.6.1.2.1.1.4.0, Type=OctetString, Value=SystemsEngineer
  OID=.1.3.6.1.2.1.1.5.0, Type=OctetString, Value=MARMUPS
  OID=.1.3.6.1.2.1.1.6.0, Type=OctetString, Value=FXXXXX
  OID=.1.3.6.1.2.1.1.7.0, Type=Integer, Value=0
  Total: 7
  c:\Support\SNMP Walk>SnmpWalk.exe -r:10.X.X.1 -v:1 -c:"scom05" -os:.1.3.6.1.2.1
  .1 -op:.1.3.6.1.2.1.2
  SnmpWalk v1.01 - Copyright (C) 2009 SnmpSoft Company
  [ More useful network tools on http://www.snmpsoft.com ]
  OID=.1.3.6.1.2.1.1.1.0, Type=OctetString, Value=SSG-140 version 6.3.0r2.0 (SN: 0
  185112006000325, Firewall+VPN)
  OID=.1.3.6.1.2.1.1.2.0, Type=OID, Value=1.3.6.1.4.1.3224.1.52
  OID=.1.3.6.1.2.1.1.3.0, Type=TimeTicks, Value=359 days, 2:20:16.00
  OID=.1.3.6.1.2.1.1.4.0, Type=OctetString, Value=Network
  OID=.1.3.6.1.2.1.1.5.0, Type=OctetString, Value=XXXXXX
  OID=.1.3.6.1.2.1.1.6.0, Type=OctetString, Value=FXXXXX
  OID=.1.3.6.1.2.1.1.7.0, Type=Integer, Value=72
  Total: 7
  The first device is a Marms UPS which has had its firmware upgraded, which was discovered using SNMP in SCOM 2007 and the second device is a Juniper SSG-140 Firewall, again this is discovered using SNMP in SCOM 2007.
  I believe that I have setup SNMP correctly on SCOM 2012 because I have 28 other networks devices discovered using SNMP using an explicit discovery, some of these being newer Marms UPS's, emerson air conditioners, netapp SAN etc.
  I have added any and all accepted community names in the SNMP service properties on SCOM 2012 and enabled accept SNMP packets from any host.
  Does anyone have any information that they could forward to me or point in the right direction to troubleshoot this issue for eg run some snmp get commands and capture / filter traffic with wireshark, what do I look for? Any other logs to check besides the
  obvious ones? Any known issues with SCOM 2012 SP1 and SNMP, should I upgrade to R2? It just seems that some network devices get discovered with ease and others do not and I am running out of ideas. Thank you all in advance.

  Patrick, thank you for your reply.
  Yes the snmpwalk command is run from the new SCOM 2012 server which has the discovery rule on it.
  I don't have any pending network devices, its blank.
  Could there be an issue with my discovery rule? I have noticed that each time I make a change to, for eg, the access mode and change this from ICMP to ICMP/SNMP, save it, run it, it doesn't seem to update the said network devices access mode's in network
  devices, it just stays on ICMP. Do I have to manually remove the network devices which have been discovered before making any changes to the discovery rule and running it which I have done? They don't seem to appear in network devices pending management either?

• EA6500 has numerous "network devices" with no MAC

  I have noticed from time to time I get many (15-20) "network devices" in the Device List with no MAC address. I notice this mainly when managing Parental Controls. I go and clean up the Device List and days later they reappear.
  Another interesting thing is that the computer I am writing this with (through the router) does not show up in the Device List and I have an IP address from the router.
  I have the latest firmware 1.1.28.146856.
  Does anyone else see this on their EA6500?

  There are a lot of people who reported similar or related cases that you have right now. From what I have read, they reset their routers back to factory settings. There is one who got to a work around by adding all of his devices to the DHCP Reservation List and the router is working fine after that.

• Adding a device to a zone

  Hello,
  I have been trying to virtualize an old Solaris 8 machine to a container with great success....except...
  The software running on this server uses appletalk to communicate to file shares and printers. When I tried a fresh install of the software in a Solaris 8 container, I couldn't install the /dev/ddp kernel driver. After doing some reading, I found that I can't run add_drv in the zone. So I then decided to p2v the server. I ran flarcreate with no problems and was able to install the zone with it. However, the /dev/ddp device driver was not there. I decided that I would build the kernel module in the global zone. That worked. I then changed the zonecfg for the zone and added the device with set match=/dev/ddp and it shows up in the zone now under /dev/ddp. Then I got the error that my network card couldn't be found. Sure enough, /dev/eri was not in the /dev directory, so I added it with zonecfg. Now I get an error that says permission denied when the appletalk daemon tries to configure the device. I am assuming that becuase the zone is trying to talk directly to the device, I can't do this.
  I guess my question is does anyone know a way to get appletalk to work from inside a zone?

  This is a crazy idea I haven't thought of yet, let me know if anyone thinks it will work or if it can even be done?
  The core server is a Sunfire 280R that is in a cluster. (We run HA Zones, you can read my article in big admin on how to set this up at http://www.sun.com/bigadmin/content/submitted/ha_containers_zfs.jsp) I have 6 NIC interfaces in the servers, of which, only 4 are being used (1 for our network, 1 for a backup network to backup server and software, and 2 for the cluster interconnects). If I were to assign a NIC via poolcfg and give it direct access to the zone, would that work? It looks like poolcfg only is used to setup processor resources. I have been looking through out Sun's website and online documentation to even see if this is possible, which I haven't found just yet. Which means it hasn't been done before, or it can't be done. I'm leaning on the first option.
  If anyone out there has any ideas or where I can look to get answers, I would greatly appreciate it.
  Thanks,
  Luke
  Edited by: mbunixadm on Sep 22, 2008 10:01 AM

• Network devices discovered but not managed

  SCOM 2012 R2 management group. A dedicated network monitoring resource pool consists of two MSs. These two MSs have been removed from AMSRP and other two default resource pools (AD.., Notification...) - is this correct?
  Two discovery roles:
  role1 runs on GWS1 discovered (explicitly) 5 devices and shown all "healthy". This rule was using AMSRP to monitor, but changed to the dedicated pool after it was created.
  role2 (added after the dedicated resource pool was created) runs on GWS2 discovered (explicitly) 2 devices but shown as "not monitored"
  How to find out what's wrong? (log files etc?)
  Anything need to check with the resource pool settings?
  Thanks.

  Hi,
  Do you mean that you have discovered the two network devices on your Management server, but it is not monitored.
  This issue maybe caused by the proper management pack was imported, please go through the below article to get more information about how to monitor network device by using SCOM:
  http://technet.microsoft.com/en-us/library/hh212935.aspx
  Network Monitoring using System Center Operations Manager 2012
  http://blogs.technet.com/b/rohitkochher/archive/2011/11/26/network-monitoring-using-system-center-operations-manager-2012.aspx
  Regards,
  Yan Li
  Regards, Yan Li

• Discovering Network devices on 2 different subnets

  Hello
  I am trying to discover the network devices available in 2 different subnets (10.0.0.0) and (172.0.0.0), I installed 2 interface cards on the operations manager  management server, each interface should reach the network devices in their address range,
  I tested reaching various network devices in the 2 subnets "using the application MIB browser" and everything is ok.
  now I added the devices IP addresses to the network discovery rule, 90% of the devices are discovered but some devices are not shown in the discovered devices nor the pending management pages! while they are added to the rule.
  I logged onto the failed device which its interface is connected to the subnet 172.0.0.0 and checked the snmp logs and found that the operations manager management server is failing to access the device using SNMP using the subnet 10.0.0.0.
  so I think now that operations manager uses the primary interface card 10.0.0.0 to access the remote device using snmp, so how do I enforce SCOM to discover the 172.0.0.0 devices using the 172.0.0.0 interface card.
  Thank you
  Mohammad, IT NOC Team

  Hi Yan,
  no many of the devices in the subnet 172.0.0.0 are discovered but some of them are not, those which are not discovered and are not appearing under the pending management. also when accessing those devices and checking the snmp logs I see failed attempts
  to read snmp from the SCOM IP address which is on the subnet 10.0.0.0 isn't strange that SCOM uses the IP 10.0.0.0 to access a device on the subnet 172.0.0.0
  Thanks
  Mohammad, IT NOC Team

• Network device disappeared

  Hi!
  I was adding some network devices to SCOM 2012 R2. One of my network devices appeared as a pending device. Reason: No Response SNMP.
  After I added my scom management server to the accepted list on the server I wanted to monitor under the SNMP service it just disappeared from my SCOM management console. I cant find it under pending or Network Devices now.
  If I try to run a discover again I cant find the device again, even if I remove the scom management server from the accepted list on the SNMP service. The only way to find the device again is to discover it only using ICMP.

  Hi,
  Please check the event log of the Management Server where you assigned discovery to run. If discovery was a success, you will see your network device show up in the Admin console, under Network devices.
  Niki Han
  TechNet Community Support

• Adding a Device: -201401. Make sure device is connected?

  I have been able to set-up my Measurement & Automation explorer to detect my device (NI cDAQ-9188), but I'm having trouble adding the device.  The error statement states:
  Add device has failed.  The error report from the device driver is as follows:
  Add device
  -201401
  Retrieving properties from the network device failed.  Make sure the device is connected.
  How do I resolve this issue so that I can test my I/O modules?
  Solved!
  Go to Solution.

  DAQmx version: 9.7.5
  Operating System: Windows 7 64-bit
  Initially:
  In the Network Adapters tab it reads:
  - No network adapters found
  In the firmware tab it reads:
  -  firmware version: 1.1.0f0
  Based on the status of the network setting tab, I assumed my problem was related to the network connection.  I reset my network adapters and this seemed to resolve my issue.  Thanks for your help.