Configuration – Page 2 – Cisco ISE Tips, Tricks, and Lessons Learned

Stop redirecting HTTPS!

2019-09-02 Brad Access Control List, AnyConnect, Cisco ISE, Configuration, Guest Access, Posture Assessment

Redirecting HTTPS requests for guest or posturing causes the browser to display certificate errors. Stop redirecting HTTPS!

Common ACL types used in ISE deployments and their precedence

2019-08-31 Brad Access Control List, Cisco ISE, Configuration

Four common ACL types used in ISE deployments, how they function, and their precedence when applied.

Guest portal allowing only specific AD groups (no BYOD) and sponsored guests

2019-08-21 Brad Cisco ISE, Configuration, Guest Access

The customer had a pretty straightforward request. They wanted a sponsored guest portal where users could self register but had to be approved. They also wanted to allow users of a single AD group to be able to log into the portal.

Switch device sensors and access-reject

2019-07-02 Brad Cisco ISE, Configuration, Tips

Sending an access-reject can cause issues when utilizing devices sensors for profiling.

Configuring ISE for eduroam authentication with a single policy set

2019-07-01 Brad Cisco ISE, Configuration, Tips, Uncategorized

The old way of specifying a proxy RADIUS service for authentications no longer works in Cisco ISE 2.3 and up because you must set the Allowed Protocols for the Policy Set itself instead of in the authentication policy. This affects how you configure ISE for eduroam authentications.

ISE RADIUS Live Logs missing IP information

2019-03-03 Brad Cisco ISE, Configuration, Switches, Troubleshooting

I was recently called in to help a customer with a couple of issues they were having in a pilot of Cisco ISE and Firepower. They wanted to utilize pxGrid to share context information between

You have to deny to allow…..what?

2018-06-06 Brad Access Control List, Cisco ISE, Configuration, Switches

ACLs on a switch are pretty straight forward. You want to only allow access to TCP ports 80 and 22 and block everything else? permit tcp any any eq 80 permit tcp any any eq

ACS 5.8 to ISE 2.3 Migration: Can’t save updated SID values

2018-03-15 Brad ACS, Cisco ISE 2.3, Configuration, Troubleshooting

The latest Cisco ISE install involved migrating the customer from ACS 5.8 to ISE 2.3. They already had several authorization rules configured (over 50) in ACS so the ACS to ISE 2.3 migration tool was

Cisco ISE 2.3 Patch 2 released

2018-03-06 Brad Cisco ISE, Cisco ISE 2.3, Configuration

Cisco ISE 2.3 Patch 2 was released at the end of January 2018. You can read about the resolved caveats here: Cisco ISE 2.3 Release Notes. Along with the bug fixes, the biggest addition that

DHCP snooping and port channels

2017-11-18 Brad Configuration, Switches

DHCP snooping is critical when using device sensors built into the switch for profiling with Cisco ISE. Setting up DHCP snooping allows the switch to collect DHCP information on endpoints which can then be forwarded

Category: Configuration