Cisco ISE Tips, Tricks, and Lessons Learned

ACS 5.8 to ISE 2.3 Migration: Can’t save updated SID values

2018-03-15 Brad ACS, Cisco ISE 2.3, Configuration, Troubleshooting

The latest Cisco ISE install involved migrating the customer from ACS 5.8 to ISE 2.3. They already had several authorization rules configured (over 50) in ACS so the ACS to ISE 2.3 migration tool was

Cisco ISE 2.3 Patch 2 released

2018-03-06 Brad Cisco ISE, Cisco ISE 2.3, Configuration

Cisco ISE 2.3 Patch 2 was released at the end of January 2018. You can read about the resolved caveats here: Cisco ISE 2.3 Release Notes. Along with the bug fixes, the biggest addition that

Cisco 3850 fails to send dot1x authentications after Denali upgrade

2018-01-22 Brad Bug, Denali, Switches

This isn’t a Cisco ISE bug but it could affect ISE deployments. A customer had recently deployed several Cisco 3850s with Multigigabit at their headquarters. Initially, the switches were deployed with IOS XE 3.7.5. We

Guest access with Anchor-Foreign Wireless Controllers

2017-12-26 Brad Uncategorized

Wireless guest access ranks as one of the top reasons why many of my customers implement Cisco ISE. It is relatively easy to implement and gives you a lot of control over what a guest

VMware and Cisco ISE

2017-12-23 Brad Cisco ISE, Tips

At least 90% of my customers utilize their existing VMware environment to run Cisco ISE instead of buying hardware (SNS-3xx5) servers. There are issues you need to be aware of when utilizing a VM environment.

Always verify the checksum value

2017-11-23 Brad Tips

I can’t emphasize this tip enough. Always verify the checksum values of any Cisco ISE download. I am talking about the install files (ISO or OVA), patch files, and upgrade bundles. It’s very easy to

DHCP snooping and port channels

2017-11-18 Brad Configuration, Switches

DHCP snooping is critical when using device sensors built into the switch for profiling with Cisco ISE. Setting up DHCP snooping allows the switch to collect DHCP information on endpoints which can then be forwarded

ISE Admin GUI authentication with RSA tokens

2017-11-08 Brad Cisco ISE 2.3, RSA SecurID

I recently worked on a Cisco ISE installation at a facility that required higher security. They utilized an RSA SecurID server and hardware tokens for their VPN and TACACS+ authentications. Since they were moving from

Should I go to ISE 2.2?

2017-10-31 Brad Cisco ISE 2.2

No. I know. You’re probably wondering why. ISE 2.2 is the long term release so it’s supposed to be supported longer than 2.1 or 2.3. The answer is based solely on my personal experience, my

Cisco ISE Licensing Part 3: Apex and Device Administration licenses

2017-10-28 Brad Cisco ISE 2.3

Be sure to check out Part 1 for Base licenses and Part 2 for Plus licenses. What functionality is included in Apex licenses 3rd party mobile device management (MDM) integration Posture assessment/compliance Threat Centric Network Access Control