CIsco ISE NFR

Hi All
i have just got ISE NFR 1.2 and i couldn’t find document that show the credentials or even how it is preconfigured , After search i found a threat that tells ISE credential is admin\default1A but didn’t work for me and i had to break it but i have another issues
1- i still need Linux VM credential
2-document that show the installation process
3- NFR team email support
thanks in advance

The USB key that the NFR shipped with should have had a readme, but if you don't see it the readme references this article that has all of the information you will need.
You will have to login with your partner credentials to access the link.
https://communities.cisco.com/docs/DOC-36078

Similar Messages

ISE NFR kit is a preconfigured VM. How to integrate it on existing demo scenario?

Hello,
Just got an ISE NFR kit.
I actually thought that this would just as any other Cisco product where you get a license that will limit your amount of registered devices.
Instead we get a preconfigured VM, tuned and tweaked to work on a corp.rf-demo domain.
The problem that I have that will lead to my question is:
- I have set up a fairly complex scenario using ISE on Evaluation license, using own lab/demo infrastructure, meaning specific DNS, AD, PKI, etc.
- from past tests I have discovered that ISE will NOT accept you changing the FQDN of the machine on the CLI, as internal variable substitution is done based on the initial setup FQDN - for instance for CWA or CPP URL redirection.
- I'd really like to simply license the scenario I already have so that it become part of our somewhat permanent demo showroom.
My questions are:
- is it possible to simply get a NFR license that you can install on a VM, and turn an Eval deployment into an NFR one? Cisco Licensing just told me that the NFR part number is non-licenseable. Does anybody have another idea?
- instead, is it possible to successfully change the FQDN name of the ISE NFR VM into whatever FQDN we need it to be, in case I do find the time to rebuild the entire configuration in this VM?
I have tried adding the NFR VM into my existing deployment as a secondary Admin node, but its license just got overriden by the eval one, as it should.
I'm assuming that if I backup the existing deployment and restore it to the NFR VM, the license will also get overriden. Can anybody confirm?
Thanks for any help/ideas.
Gustavo

Hello Gustavo,
If you resolve this please assist me :
1) Is it possible to customise the NFR version of ISE?
2) would we be able to get an extended evaluation license, both base and advanced, to apply to our lab ISE node.?
ISE NFR 1.2 software - logging not working after changingIP address of ISE. It is not possible to delete the "Remote Logging Targets" which includes itself and the IP address 10.1.100.21. Please advise on how to customize.

Remote Access VPN posturing with Cisco ISE 1.1.1

Hi all,
we would like to start using our ISE for Remote VPN access.
We have run a proof of concept with the ISE & IPEP with a Cisco ASA5505. We got the authentication working however posturing of the client did not work.
That was a few months ago and so I was wondering whether any design document is available specifically around Using the Cisco ISE for Authenticating & Posturing Remote Access VPN clients.
I understand that version 9 of the ASA code is supposed to eliminate the need for Inline Posture, does anyone know whether this will also allow posturing too?
We do intend to by Cisco ASR's aswell, but I am sceptical of this as i do not know how many VPN licenses you get out of the box. The ASA's we have allow up to 5000 IPSec VPNs without having to purchase any licensing. What I do not want to do is to switch to SSL VPNs as this again will increase cost.
I know ISR's are support NADs but what about ASRs? There is no mention.
Any advise will be appreciated!
Mario

OK, I have come accross the Cisco Validated design for BYOD and in there it has a section about Authenticating VPNs.
thats great... however it does not mention using the Inline posture node. Does anyone know if there is a limitation using Inline Posture and SSL VPNs...?
essentially my requirements are
2-factor authentication VPN using a Certificate & RSA Token
Posturing of the VPN endpoint.
Ideally i would like to use IPSec VPNs as i have licenses already for these on my ASAs. But if it will only work with SSL & AnyConnect, then so be it.
Can anyone help?
Mario

Multiple domains authentication on Cisco ISE

Hi,
Does the current Cisco ISE supports for authenticating on multiple Active Directories ?
I can only set Cisco ISE to join on single active directory and LDAP
Does anyone have set Cisco ISE to support EAP-FAST with WPAD or PAC provisioning ?
Thanks
Pongsatorn

Hi,
We are into a situation where we need to authenticate users of two domains and these two domains are completely independent (no common DNS server). ISE is not able to resolve one of the domain using the DNS server settings and Adding a host entry for the domain name is not sufficient since Kerberos, GC and LDAP SRVs need to be resolvable as well.
From what I know ISE 1.3 should supports disjointed domains and there is no requirement for ISE to have 2 way trust relationship with domains.
Please share your experience if someone has faced similar situation before.
Regards,
Akhtar

Cisco ISE trying to posture a device that should not be able to be postured

Overview:
Cisco ISE version 1.1.4. Windows PC will be postured using Web NAC agent. Mobile devices (Apple/Android) can't be postured and will be exempted from posturing. Mobile devices will be exempted using the condition EndPoints:PostureApplicable EQUALS No. This worked fine and mobile devices will be caught by this condition while Windows device will be caught by another that sends to posturing.
Mobile device authorisation policy configured:
Problem:
A few days later, mobile devices doesn't seem to end up in the policy that has EndPoints:PostureApplicable EQUALS No. After having a look at monitoring, Cisco ISE is classifies mobile devices as Posturable. The Posture Status previously was "NotApplicable" now shows up as "Pending". See below.
Troubleshooting:
I tried a total of 4 different mobile devices. 2 Apple and 2 Android. All of them have the Posture Status of "Pending". Interestingly after a few tries, both the Androids starting working and have the PostureStatus of "NotApplicable", no configuration changes were made. The 2 Apple device still doesn't work and show up as "Pending".
I have restarted ISE, Access Point and Apple device. I have also tried other Apple device. All with the same problem.
Have any of you guys experienced this before?

Hi,
I have also experienced the same issues as yourself and would recommend opening a tac case. However I have used the device registration web portal to redirect all previous detected mobile devices to accept the aup and have them statically assigned to an endpoint group so they do not hit this scenario.
I know it is a workaround but its the only way i could get this to work and not affect devices that were one time detected as such.
Tarik Admani
*Please rate helpful posts*

Cisco ISE 1.2 MDM Integration Question

I have a working Cisco ISE 1.2.1 install which I've performed the integration to our MobileIron server. The "integration test" reports that the integration is good, but whenever ISE verifies MDM compliance, registration, etc.. with MobileIron when a mobile device connects it always reports that all statuses are good even if they aren't.
My test phone is out of compliance on Mobileiron because of an unapproved app, but when the phone connects ISE believes the MDM compliance status is good. I'm not sure if it isn't really checking with MDM or if the Mobileiron server is reporting erroneous results.
I also saw in a video that the phone has to be registered with MobileIron through ISE. Is this correct? I don't plan to on-board devices with MobileIron through ISE, it will be done directly through MobieIron (not connected to the Wifi network).
I only want ISE to check the compliance status of the device against MobileIron and quarantine if it isn't compliant or MDM registered.
Any help would be appreciated

Saurav and others,
Unfortunately, on-boarding sets some attribute fields on the endpoints that will then allow them to participate in a policy. It is nice that we all have MDM integration working but we almost need another class of on-boarding for corporate devices that are already in the MDM of choice (where we prefer to manage them!)
There is a little documented feature in ISE.
It appears to me that;
the on-boarding turns on the following states for the endpoint;
BYODRegistration
No ( No becomes Yes)
DeviceRegistrationStatus
NotRegistered (becomes Registered)
( The device is actually registered in MobileIron - this means did ISE register with MI. )
No MI attributes will work without this magic. TAC engineers I have dealt with don't seem to understand this feature.
This is definitely an enhancement that is needed.

Cisco ISE 1.2 Patch 6 -- 8 Update failed

Hi all,
I wanted to know if any bugs was registered for the cumulative patch 8 for Cisco ISE 1.2 and how to mitigate any patch failures.
Important notice : I though that this error could be an unlucky try but i've tested the update two time.
Indeed, i have three deployment : A Pre-production one, a 4 nodes distributed and a 2 nodes distributed.
The patch works fine on the pre-production one, on the 2 nodes too but fails on the 4 nodes one with a very anormal behaviour.
On the "show nodes status" in Maintenance - Patch manage, i can see that my both PAN are successfully patched and the first PSN too but when the "Patch in progress" appears on the second PSN, the "installed" status is cancelled in the first PSN and become "Patch in progress" so i've two "Patch in progress" in parallel, that is an anormal procedure not discribed by Cisco on the document "Installing a software Patch". (wich discribe a sequential update of all nodes)
The symptoms after this error are :
- Unable to process EAP-TLS authentications ! (CA are stored on the First PAN and seems to be unavailable from PSN to exchange the handshake)
- The Application server try to restart but fails indefinitly even if i try to restart the node (on both PSN)
- GUI Unavailable
- MAB Auth is working
- Endpoint and Endpoint Groups menus are missing on the GUI (I push the MAC Address through the ERS API but it is very strange)
- Logs indicates one first "Patch success" on PAN and a second "Patch failed" still on PAN :(
The task that resolves this issue is to launch the command "patch remove ise 8" on all nodes and everything come back functional.
My big interrogation is that on my two other deployment, the patch was successfull and quick to process.
Thanks for your help.

This is that i did abviously... but the two PSN stay in status "Node down", the application service won't start correctly with these ADE-OS logs entries :
2014-05-28T10:26:30.023223+00:00 XXXXXXX logger: info:[application:operation:appservercontrol.sh] Starting ISE Application Server...
2014-05-28T10:26:30.311676+00:00 XXXXXXX logger: Loading PKCS11 ...
2014-05-28T10:26:30.978432+00:00 XXXXXXX logger: SLF4J: Class path contains multiple SLF4J bindings.
2014-05-28T10:26:30.978454+00:00 XXXXXXX logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/slf4j-log4j12-1.5.8.jar!/org/slf4j/im
pl/StaticLoggerBinder.class]
2014-05-28T10:26:30.978502+00:00 XXXXXXX logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/com.cisco.xmp.osgi.slf4j-log4j12-1.5.
8.PATCHED.jar!/org/slf4j/impl/StaticLoggerBinder.class]
2014-05-28T10:26:30.978509+00:00 XXXXXXX logger: SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
2014-05-28T10:26:31.638970+00:00 XXXXXXX logger: log4j:WARN No appenders could be found for logger (com.cisco.epm.config.cache.impl.ConfigCacheImpl).
2014-05-28T10:26:31.638992+00:00 XXXXXXX logger: log4j:WARN Please initialize the log4j system properly.

Cisco ISE 1.2.x with Posture Configuration - Windows Patches

Hi, Anybody has any experience in integrating Cisco ISE Posture with Microsoft SCCM?
With WSUS this works fine, but with SCCM I don't have any idea how to proceed. Anybody knows what it's included in the predefined rules
pr_WSUSRule and pr_WSUSCheck? I can't find any information in ISE Console or Cisco documentation.
Thanks.

Once agent performs the posture checks containing the windows hotfix checks, if the administrator configured the Launch Program Posture Remediation , agent will launch the script file which will initiate the windows hotfix updates via SCCM client configuration manager pre-installed/pre-configured on the box.

Help with cisco ISE 1.1.2.145 patch-3 to ISE 1.2.0.899-2-85601 upgrade procedure

Need help from ISE experts/gurus in this forum.
Due to a nasty bug in Cisco ISE (bug ID CSCue38827 ISE Adclient daemon not initializing on leave/join), this bug will make the ISE stopping working completely and a reboot is required (very nice bug from cisco) . This leaves me no choice but to upgrade to version 1.2.0.899-2-85601.
Scenario:
- 4 nodes in the environment running ISE version 1.1.2.145 patch 3
- node 1 is Primary Admin and Secondary Monitoring - hostname is node1
- node 2 is Secondary Admin and Primary Monitoring - hostname is node2
- node 3 is Policy service node - hostname is node3
- node 4 is Policy service node - hostname is node4
Objective: Upgrade the ISE environment to ISE version 1.2 with patch version 1.2.0.899-2-85601.
My understand is that I have to upgrade the existing environment from ISE version 1.1.2.145 patch 3
to ISE version 1.1.2.145 patch 10 (patch 10 was released on 10/04/2013) before I can proceed with
upgrading to ISE version 1.2 and patch it with 1.2.0.899-2-85601.
Can I patch my exsiting environment from 1.1.2 patch 3 to patch 10 prior to upgrading to version 1.2.0.899-2-85601?
I look at Cisco website and patch 10 was released on 10/04/2013 while version 1.2 was released back in 07/05/2013.
I am trying to get a definite answer from Cisco TAC but it seems like they don't know either.
Question #1: How do I proceed with upgrading the current ISE environment from 1.1.2.145 patch 3 to 1.1.2.145 patch 10?
Propose solution:
step #1: make ISE node1 to be both Primary Admin and Primary monitoring. ISE node2 is now Secondary Admin and Secondary Monitoring.
         Then go ahead and apply ISE version 1.1.2.145 patch 10 to ISE node2 via the GUI,
step #2: Once ISE node2 patch 10 is completed, make node2 Primary Admin and Primary Monitoring. At this point, apply ISE 1.1.2.145 patch 10
         to ISE node1 via the GUI,
step #3: Once ISE node1 patch 10 is completed, make node1 Primary Admin and Secondary Monitoring and node2 Secondary Admin and Primary Monitoring,
step #4: apply ISE 1.1.2.145 patch 10 to ISE Policy Service node3. Once that is completed, verify that node2 is working and accepting traffics,
step #5: apply ISE 1.1.2.145 patch 10 to ISE Policy Service node4. Once that is completed, verify that node2 is working and accepting traffics,
Question #2: How do I proceed with upgrading the current ISE environment from 1.1.2.145 patch 10 to ISE version 1.2 with patch version 1.2.0.899-2-85601?
Propose solution:
step #1: Make ISE node1 the Primary Admin and Primary monitoring. At this point ISE node2 will become Secondary Admin and Secondary Monitoring
step #2: Perform upgrade on the ISE node2 via the command line "application upgrade <app-bundle> <repository>". Once ISE node2 upgrade is completed, it will
          form a new ISE 1.2 cluster independent of the old cluster,
step #3: Perform upgrade on the ISE Policy Service node3 via the command line "application upgrade <app-bundle> <repository>". After the upgrade the ISE
          Policy Service Node3 will automatically joins the ISE node2 which is already in version 1.2
step #4: Perform upgrade on the ISE Policy Service node4 via the command line "application upgrade <app-bundle> <repository>". After the upgrade the ISE
          Policy Service Node4 will automatically joins the ISE node2 which is already in version 1.2
step #5: At this point the only node remaining in the 1.1.2.145 patch 10 is the ISE node1 Primary Admin and Primary Monitoring
step #6: Check and see if there are any more PSN's registered in ISE node1 (there should not be any)
step #7: Perform the upgrade on the ISE node1 from command line "application upgrade <app-bundle> <repository>"
step #8: Once upgrade on ISE node1 is complete, ISE node1 will automatically join the new ISE 1.2 cluster,
step #9: Make ISE node1 Primary Admin and Secondary and ISE node2 Secondary Admin and Primary Monitoring,
Question #3: How do I proceed with upgrading the current ISE environment from 1.2 patch0 to 1.2.0.899-2-85601?
Propose solution:
step #1: make ISE node1 to be both Primary Admin and Primary monitoring. ISE node2 is now Secondary Admin and Secondary Monitoring.
         Then go ahead and apply ISE 1.2.0.899-2-85601 to ISE node2 via the GUI,
step #2: Once ISE node2 1.2.0.899-2-85601 is completed, make node2 Primary Admin and Primary Monitoring. At this point, apply 1.2.0.899-2-85601
         to ISE node1 via the GUI,
step #3: Once ISE node1 patch 10 is completed, make node1 Primary Admin and Secondary Monitoring and node2 Secondary Admin and Primary Monitoring,
step #4: apply ISE 1.2.0.899-2-85601 to ISE Policy Service node3. Once that is completed, verify that node2 is working and accepting traffics,
step #5: apply ISE 1.2.0.899-2-85601 to ISE Policy Service node4. Once that is completed, verify that node2 is working and accepting traffics,
does these steps make sense to you?
Thanks in advance.

David,
A few answers to your questions -
Question 1: My recommendation is to follow vivek's blog since most fixes and upgrade steps are provided there - I would recommend installing the patch that was release prior to the 1.2 release date since the directions to "install the latest patch" would put you at the version of when the ISE 1.2 was released
https://supportforums.cisco.com/community/netpro/security/aaa/blog/2013/07/19/upgrading-to-identity-services-engine-ise-12
You do not have the ability to install ISE patch through the GUI on any of the "non-primary" nodes (you can use the cli commmand to achieve this), the current patching process was designed so you can install the patch on the primary admin node and it will then roll the patches out to the entire deployment (one node at at time). I painfully verified this by watching the services on each node and when a node was up and operational the next node would start the patching process. First the admin nodes then the PSNs.
Every ISE upgrade that I have attempted as not been flawless and I can assure you that I have done an upgrade on 1.1.2 patch 3 and this worked fine, however I used the following process. You will need the service account information that is used to join your ISE to AD.
I picked the secondary admin/monitoring node and made it a standalone node by deregistering (much like the old procedure) in your case this will be node2.
I backed up the certificates from the UI and the database from the CLI (pick the local disk or ftp-your choice).
I reset the database and ran the upgrade script (since I did not have access to the vsphere console or at the location of the non UCS hardware [for a 1.1.4 upgrade]).
Once the upgrade was completed I then restored the 1.1.x database, ISE 1.2 now has the ability to detect the version of the database that is restored and will perform the migration for you.
Once the restore finished, I then restored the certificate and picked one of the PSNs
backup the cert,
Had the AD join user account handy
reset-db,
and run the upgrade script.
Once that is done I then restore the cert
Join the PSN to the new deployment
Join both nodes to AD through primary admin node
Monitor for a few days (seperate consoles to make sure everything runs smooth)
If anything doesnt look or feel right, you can shut down the 1.2 PSN and force everything through the existing 1.1.2 setup and perform some investigation, if it all goes smooth you can then follow the above step for the other two nodes, starting with the last PSN and the the last admin node.
Thanks and I hope that helps,
Tarik Admani
*Please rate helpful posts*

Cisco ISE 1.2.1 deplyomet issue with Anyconnect and Profiling

Hi All,
We are running cisco ise box in 1.2.1 version wherein I am facing below issue while deployment. We are having two ISE boxes where One box act as Primary Admin,Secondary MNT and Policy Service and Second Box act as Secondary Admin,Primary MNT and Policy Service
1) Profiling of Endpoints - HP Laster jet printer 55XX series and scanner profiling are not happing in Cisco ISE 1.2.1 wherein I have enabled below probes in ISE for profiling
RADIUS Probe
SNMP Probe SNMP Trap HTTP Prob and DNS
2) Any-connect issue - We are using any-connect supplicant 3.0.11042 for wired and wireless user profile in windows 7 enterprises 32 bit machine
- Yellow mark issue -  Once authentication , posturing completed we are getting yellow mark on network drive but still we are able to connect to network
- Network Map Drive issue -  Once authentication , posturing completed we are getting red cross mark on Network map drive and if we double click on that drive then its get accessible and red mark turns in to green.
For that we have already allowed Ip level access to all domain in before logon dacl ( Machine authentication )
That would be really great if any one can help me on the same.
Thanks & Regards
Pranav

Hi Pablo ,
Please find below solutions
Yellow mark issue - - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet. This Service is by default disabled on Windows XP and Widows 8.X operating system. This is only enabled by default on Windows 7 and Windows Vista operating system.
Network Map Drive issue   - Create logon script and deploy it using group policy. Script will check full network connectivity and then map network drives
Regards
Pranav

Upgraded ISE NFR to 1.2 - now I cant apply patch 1 or 2

I have upgraded my ISE NFR to 1.2. Upgrade went fine, authz/authn config still in place and works with switch and WLC. The problem is now trying to apply a patch to 1.2.
If I try to apply patch1 or patch2, the CLI says its already installed. They definately arent!
Anyone seen this in an NFR or normal license upgrade?
I am facing my first customer upgrade iminently and I something like being unable to patch it afterwards isnt going to go down well!

Have you attempted your patch from both the CLI and the GUI? I had a customer who had issues upgrading their ISE from the GUI and the CLI worked fine, only issue was that each ISE node had to be patched from the CLI, as the patches didn't get pushed as they would from the GUI. If that's not working for you, I still wouldn't worry much about it, I've successfully patched in your exact scenerio so perhaps you have an isolated incedent.

Coa issue with Cisco ISE 1.2

Hi, i am currently implementing webauth with Cisco ISE for self register, but i am having issue coa. I was able to get non-windows machine to work but with windows i can't push out the url redirection through coa. I have enabled debug and i can see ISE trying to push out the url redirection to the port, however the url was not show when i issue a show authentication session interface gi 1/0/x command. The only issue i can see from the debugging is that the interface failed authorization first then a success authorization right after. Again, the url redirection work on non-windows machine, i have even go as far as disable dot1x supplicant on windows and it still didnt fix the issue.
please see attachment for the debugging i had mention above. If anyone know or had this issue before please let me know how i can resolve this.

finally figured it out. redirection acl was mess up.

I want to integrate SMS gateway to Cisco ISE 1.2 and my question is SMS notifications are supported for Guest self−registration

I want to integrate SMS gateway to Cisco ISE 1.2 and my question is
SMS notifications are supported for Guest self−registration Services ? or it should be done by Sponsor

I'm not sure I understand the question. Do you want to log in to the Sponsor Portal using AD credentials?
Create an Identity Source Sequence using AD as an Authentication Source. Go to Administration > Identity Management > Identity Source Sequences. Either Edit or +Add a Sequence and choose from the Authentication Sources shown.
Then choose that Identity Source Sequence by going to Administration > Web Portal Management > Settings. Double-click Sponsor from the Left Menu and click Authentication Source. Choose the Identity Source Sequence. Click Save.
I hope this helps.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton

Cisco ISE 1.2 and AD Group

Hello,
I have Cisco ISE installed on my EXSi server for my test pilot. I have added several AD groups to ISE as well.
I have created an Authorization policy condition, which is WIRELESS_DOT1X_USERS (see screenshot)
Basically, I just duplicated the default Wireless_802.1X and added Network Access:EapAuthentication, Equals, EAP-TLS.
My problem is, I was unable to join the wireless network if I added my AD group to the Authorization policy (see screenshot). The user that I have is a member of WLAN-USERS. If I removed the AD group from the Authorization policy, the use is able to join the wireless network.
I attached the ISE logs screenshot as well. I checked the ISE, AD/NPS, WLC, laptop time and date, and they are all in synched.
I also have the WLC added as NPS client on my network.
I checked the AD log and what I found was the WLCs local management user trying to authenticate. It is supposed to be my wireless user credential not the WLC.
This is the log that I got from the AD/NPS
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID:                              NULL SID
Account Name:                              admin
Account Domain:                              AAENG
Fully Qualified Account Name:          AAENG\admin
Client Machine:
Security ID:                              NULL SID
Account Name:                              -
Fully Qualified Account Name:          -
OS-Version:                              -
Called Station Identifier:                    -
Calling Station Identifier:                    -
NAS:
NAS IPv4 Address:                    172.28.255.42
NAS IPv6 Address:                    -
NAS Identifier:                              RK3W5508-01
NAS Port-Type:                              -
NAS Port:                              -
RADIUS Client:
Client Friendly Name:                    RK3W5508-01
Client IP Address:                              172.28.255.42
Authentication Details:
Connection Request Policy Name:          Use Windows authentication for all users
Network Policy Name:                    -
Authentication Provider:                    Windows
Authentication Server:                    WIN-RSTMIMB7F45.aaeng.local
Authentication Type:                    PAP
EAP Type:                              -
Account Session Identifier:                    -
Logging Results:                              Accounting information was written to the local log file.
Reason Code:                              16
Reason:                                        Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

Thank you Tarik,
I got my AD group working. What I did, I checked the user's certificate that is installed on the laptop then modified the ISE certificate authentication profile to "Subject Alternative Name". I had the ISE set to common name when I was having an issue.
I forgot to mentioned that I have to servers in my ISE test pilot. I have AD with NPS, and CA. These servers are Windows 2008 R2.
I am a little confuse about the attribute in certificate template you have mentioned. Is that located at Certificate Authority/server-name/Certificate Templates/Users? I am not sure where to look for that attribute on the CA server.

Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
ciscoISE/admin(config)# snmp-server ?
community Set community string
contact    Text for mib object sysContact
host       Specify hosts to receive SNMP notifications
location   Text for mib object sysLocation
ciscoISE/admin(config)# snmp-server
Ciscoacs/admin(config)# snmp-server ?
community Set community string
contact    Text for mib object sysContact
host       Specify hosts to receive SNMP notifications
location   Text for mib object sysLocation
Ciscoacs/admin(config)# snmp-server

No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

CIsco ISE NFR

Similar Messages

Maybe you are looking for