Cisco VIRL and ISE

Hello

Is there a switching environment on Cisco VIRL to test ISE functions, especially Cisco IBNS 2.0?

BR

Hello BR -.

Unfortunately, 802.1X is not a supported feature on VIRL/IOU. Here is a link to the currently supported VIRL features:

https://learningnetwork.Cisco.com/docs/doc-30404

I hope this helps!

Thank you for evaluating useful messages!

Tags: Cisco Security

Similar Questions

  • Cisco vWLC and issue of ISE Central Web Authentication

    Hello!

    I have a problem with wireless Central Web Authentication. CWA is working fine on wired.

    My APs are working in FlexConnect mode with local switching. When I connect to the WLAN with CWA, the web page with the portal does not open, but I can see that the redirection works...

    When I try to ping ISE, I get an odd result:

    [email protected]/ * /: ~ $ ping 10.10.2.47

    PING 10.10.2.47 (10.10.2.47) 56(84) bytes of data.
    64 bytes from 10.10.2.47: icmp_seq=5 ttl=63 time=1.45 ms
    64 bytes from 10.10.2.47: icmp_seq=8 ttl=63 time=2.22 ms
    64 bytes from 10.10.2.47: icmp_seq=10 ttl=63 time=1.43 ms
    ^C
    --- 10.10.2.47 ping statistics ---
    21 packets transmitted, 3 received, 85% packet loss, time 20106ms
    rtt min/avg/max/mdev = 1.430/1.703/2.223/0.367 ms

    When I change the Wi-Fi network security to open or any other method, ping to ISE works very well. Help, please!

    Central Web Auth (CWA) works differently when the controllers/APs work in FlexConnect mode. Please consult this guide and check if you have a similar setup.

    http://www.Cisco.com/c/en/us/support/docs/security/identity-Services-engine/116087-configure-CWA-WLC-ISE-00.html

    If so, please post screenshots with your configs (ACL redirect, policies in ISE and WLC SSD settings).

    In addition, the version of the code you run in your controller and ISE.

    Thank you for evaluating useful messages!

  • Cisco VCS and integration Lync2013

    Hello!

    Could you tell me please, when CISCO officially support Lync2013 - free new software for VCS - C and documentation on integration?

    The main interest is the possibility of transferring video between CISCO/MCU and Lync endpoints on the H.264 Protocol, who hails from Lync2013.

    Right now, I've got VCS - C and RTM Lync2013 X7.2. During the video call without AMGW appeal established as audio only.

    When using with Lync2010, it worked on Protocol H.263 and CIF resolution.

    Evgeniy salvation,

    We are currently investigating the possibilities to achieve interoperability between Lync 2013, VCS and standards-based video devices on the VCS side. It is a work in progress and at this stage it is too early to provide any factual information on when interop will be available.

    In contrast to Lync 2010, Lync 2013 does not support H.263 for video and it so that will remove the OCS/Lync integration. I do however think that you should be able to make a two-way video between Lync 2013 and VCS-joined endpoints if you use an AMGW tried that yet?

    Thank you

    Andreas

  • Backdoor in Cisco routers and firewalls.

    The more I read on the NSA scandal (and Yes, I apparently a scandal) less I trust corporations hardware and software.  There is no reason for anyone to doubt that all Cisco equipment comes with a backdoor.  Because these probable backdoors exist it's a matter of time before hackers discover and exploit them.  It's happened to Microsoft a number of times and there is no reason that it could not happen to Cisco.  It is no longer our trust Cisco equipment and have already started researching alternatives network.

    It is more a crazy conspiracy theory, that is the reality.

    In all likelihood, we will use a series of firewalls to further isolate our network against intrusions.  To reduce costs, we can keep our existing Cisco equipment in this topology, but we will replace Cisco hardware when it breaks down or needs to be upgraded.  I do the same thing with my home network.

    In the last months, we already moved all of our e-mail to secure servers overseas and changed all our McAfee, AVG and Avast antivirus software.  We are also researching Linux distributions to replace Microsoft.

    If Cisco wants to protect their brand, they need to take a stand or see their market share continue to erode.  There must be a CEO of a U.S. company that will take this position and be a hero rather than continue to be a lap dog.

    Hello

    use open-source based linux firewalls and routers.

    and check the source cod

  • Cisco show and share to publish on the internet

    Dear Experts

    We have new deployment for Cisco SNS, and we publish SNS on the internet. I need help to do it and any recommendations, please.

    Thank you

    Richard

    Hi Richard

    Did you solve your problem? I have to make sure of the following.

    1. You can access the external SNS internally.

    2. NATting is OK between the public and private IPs.

    3. For the DNS record, make sure that the name is the same on the inside and outside. For example, internally vod.bnp.med.ca and the public record you create, vod.bnp.med.ca, should be the same FQDN, otherwise your SNS will never work. For authentication, you must publish the DMM.

    Note: your question this internal FQDN differs from the external FQDN of the SNS.

    Thank you

    Please note all relevant information

  • AAA Cisco 600 and 700

    Cisco ACS GANYMEDE + AAA can be activated for telnet to Cisco 600 and 700 routers?

    Unfortunately you can not configure radius AAA or Ganymede in routers series 600 or 700.

  • The traffic load between Cisco ASA FirePOWER and FireSIGHT Management Center

    Hi all

    I have a stupid question to ask.

    Can I know what the traffic load and the I/O flow are between Cisco ASA FirePOWER and FireSIGHT Management Center?

    Currently working on a project, client require such information to adapt to their network. Tried to find in the document from Cisco, but no luck.

    Maybe you all have no idea to provide.

    It varies depending on the number of events reported from the module to the CSP. No event = only health controls and policy changes are exchanged. 10,000 events per second = much more traffic.

    Generally it is not a heavy load, however.

  • Configure to integrate Cisco ASA and JOINT

    Hello

    We have Cisco ASA and JOINT, need assistance on the integration of the same thing; Please email me so that I'll share the details of the architecture.

    Thank you best regards &,.

    REDA

    Hi reda,.

    If I correctly your diagram, you do not want to send any traffic from the external switch to the JOINT with a SPAN port and all traffic from your DMZ interfaces with another.

    Is this correct?

    If so, can you tell me why you want to inspect the traffic before it goes through the firewall? As I said in my original answer, we generally advise putting IP addresses after the firewall.

    Not to mention that in your case, I guess that some traffic will be inspected twice so you will need to assign a different virtual sensors to each JOINT internal interfaces to ensure that the same instance does not see the traffic of several times.

    Kind regards

    Nicolas

  • What is the difference between Cisco NAC and ACS?

    I am currently part of a new construction project and my Cisco account manager and sales engineer recommend Cisco NAC for our new MDF. I'm confused because I don't clearly know the difference between a Cisco ACS and the NAC. What is the difference?

    Thank you

    Chris

    Chris,

    The two are completely different, maybe the sales rep could present you with more information and application. Each offers a variety of services tailored to the specific needs. I think that we need to read more in depth on the proceeds of the NAC. NAC seems an excellent solution for authentication authorization but other regulatory compliance.

    When you see ask your representative to sales for more information/demo.

    ACS is more widely use as a central point to access control to network devices routers, an example is for acs accounting management and the authority to order on all devices on the network using acs as RADIUS server. Considering that the NAC is over a central point of safety inspection on earlier systems of access to your network by via LAN or outside, an example of these respected regulatory defined could be inspections could be virus definition checks before getting lan access thus preventing access to the LAN if the system does not have regulatory compliance defined in NAC access is denied. Another example could be the unknown local host connections etc... So, it seems that NAC is a much broader product that provides endpoint security internal, not only the authentication authorization as acs... ACS has been there for a long time, NAC is rather new product.

    NAC

    http://www.Cisco.com/en/us/NetSol/ns466/networking_solutions_package.html

    http://www.Cisco.com/en/us/solutions/collateral/ns340/ns394/ns171/ns466/ns617/net_qanda0900aecd800fdd6f_ns466_Networking_Solutions_Q_and_A.html

    ACS

    http://www.Cisco.com/en/us/products/sw/secursw/ps5338/index.html

    Rgds

    Jorge

  • Turn on the mtu on cisco switch and cisco user server

    Hi all

    someone got bad luck turning on the mtu on their cisco switch?  I guess I need to turn it on for all because the command is for all ports on cisco catalyst and my server switch is nearby to my user of switches and a broadband bandwidth 6 G or 6 ports, I need to turn it on for all user ports?

    Thanks for any comments, that you can add.

    I assume you mean Jumbo frame support! You shouldn't have any problems with that. Please take a look at for example http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml for more details and the configuration of the different switches. According to the model, the parameters are for dedicated ports only or the entire switch. In the case of the switch everything you will need to reload (reboot) switch, so be careful.

    André

  • iOS 8.0 our apple and ISE of CISCO [RESOLVED] custom portal users

    Hi guys,.
    I was wondering why after updating to iOS 8.0 our apple users, cannot
    go to the online portal ISE, we do em to connect via a WLC wich
    redirects web-auth, to ISE (radius server) process

    So what if we use the internal portal (Note2) wlc 5508 process all right
    After the update to 8.0 apple IOS devices cannot reach our custom portal
    None...

    everyone has experienced the same?

    BR

    Eugenio

    Glad that you got this work and good work on the search for a solution to your problem (+ 5 from me). Also, thank you for taking the time to come back and share it.

    If your problem is resolved, you must mark the thread as "Answered" :)

    One thing to consider too is CWA (Central Web Auth) instead of what you are doing is LWA (Local Web Auth). It's always better to CWA, there are many benefits to it.

    Thank you for evaluating useful messages!

  • FireSight and ISE User Identity Integration

    We are eager to move from CX/PRSM to FirePOWER/FireSIGHT. I am researching feature parity.

    Today, I use the integration of CDA with ISE to passively capture the identity of 802.1X-authenticated wireless employees.

    The aim is on request, produce reports map a username to their traffic in a passive way.

    I was told by an engineer Cisco ISE has been a source of identity consumable for FireSight in the same way that LDAP is with the User Agent. Furthermore I was assured that this was the case without the permission of the PXGRID.

    I'm unable to find information proving it's true. The only thing I find is how to use ISE as an authentication method.

    I don't want to authenticate users actively. I just want to scrape username information for reporting purposes. I read the following URL and it is not what I'm looking for on our current configuration.

    http://www.Cisco.com/c/en/us/support/docs/security/firesight-management-...

    I think before moving that Cisco plans to integrate these kind of multiple data sources in the user through PxGrid. Even if I would prefer CDA as it appears more stable than SFUA.

    There was some proof of concept of laboratory work has shown in Cisco Live Milan a couple of weeks.

  • Cisco NTP Sync ISE

    Hi people,

    I was wondering if anyone knows the reason why a Cisco ISE is not synchronized with the NTP server. I am able to ping from ISE servers and wireless controller is properly synchronized.

    Is there something more in addition to time zone and Setup "ntp server"?

    synchronized to a stratum 11 LAN
    correct time less than 11 ms
    vote server each 1024 s

    refid distance st t when poll reach delay offset jitter
    ==============================================================================
    * 127.127.1.0. LIUX.          10 l 33 64 377 0.000 0.000 0.001
    x.x.x.x 200.160.7.193 2 7 1024 186 0,671 u 2545847 56.067
    x.x.x.x 200.160.0.8 3 202 1024 7 0.630 u 2545853 55.940

    * Current time + candidate source

    ATTENTION: Output results can conflict in change of the synchronization periods.


    Hi Flavio,

    It happens with ISE and ACS: they either synchronize correctly or lose synchronization. You can either do "no ntp server" and then "ntp server" again, or you can restart the NTP service. Even that sometimes helps.

    Bravo!

    Bellefroid

  • Registration of URLS for comments using comments anchor traffic and ISE

    Hi all, there

    I am looking for a solution by which I can connect information URL to the users wireless invited to ISE. The anchor THAT WLC is located in a DMZ behind the ASA and the ISE is on the internal network. I found this document (see LINK below), which is similar but using a comment of the NAC server and not an ISE.

    I wonder if someone managed to do it using ISE?

    http://www.Cisco.com/en/us/products/ps6128/products_configuration_example09186a0080ac2fda.shtml#wlcc

    Hello. I have this script working successfully. The only thing different from the configuration in the supplied link is that you must specify UDP port 20514. Refer to the following line:

    logging host inside 192.168.215.16 17/20514

    Here the number 17 means UDP and the 20514 number is the port number.

    Please rate if this can help

  • WLC 5508 (ver > 7,2) and ISE 1.1.2

    Ciao,.

    I found this interesting article:

    Assignment of VLAN dynamic with server RADIUS and Wireless LAN Controller Configuration example

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

    And I wonder if the same configuration will work with ISE 1.1.2.

    My needs are:

    -one SSID

    -authentication (for guest: user\pwd in the ISE; used database certificate or user\pwd M $ AD) moved to a VIRTUAL LAN or another

    Ciao e grazie!

    Luciano

    Philip,

    My bad, I apologize for the confusion, they put so many numbers on the back

    Here, this might help.

    http://www.Cisco.com/en/us/products/ps10315/products_tech_note09186a0080bcb905.shtml
