ISE 1.2 SNS - 3415 NIC bonding / grouping

Similar Questions

• Redundant NIC ISE (SNS-3415-K9)

  Hi all.

  We can connect a SNS-3415-K9 (ISE) to VSS switches. We have a server (SNS-3415-K9) ise can be connected an interface (g1) to switch1 and an other interface (g2) at the switch2 for redundant and load balancing...

  Not in a link aggregation Group (LAG) or multichassi etherchannel as your question implies.

  You can use other ports Gigabit Ethernet beyond Gi0 but they each have a separate IP address. There are different ways you can use these and other restrictions as well (e.g. Admin PAN is restricted to the Gi0).

  The details are laid out in a table here:

  http://www.Cisco.com/c/en/us/TD/docs/security/ISE/2-0/installation_guide...

  There are a few Cisco Live presentations, you can look for some design scenarios. I highly recommend Craig Hyps BRKSEC-3699 ISE for scale and high availability design

  https://www.ciscolive.com/online/connect/sessionDetail.WW?SESSION_ID=837...

• SNS-3415-K9: hardware device console login reset password

  We brought a hardware appliance for small server secure network for the Applications of the NAC & ACS ISE: SNS-3415-K9. After the initial Setup, we have forgotten the IP address and the password for this unit. I access console on the server, but I can not connect because I forgot the password.

  I access MMIC, but I have no idea to reset password to log in to the console.

  Please help me.

  You will need to start using the installation media of the product you are using (ACS or ISE). Once you have started, you will be presented with a list of options, which is to reset the password for the admin user.

  Javier Henderson

  Cisco Systems

• You place your order of SNS-3415

  I ordered the SNS-3415 as ISE 1.1.4.

  I thought I have to install the ISE, however, it has been installed.

  but I don't know what is the ID/PW...

  No one knows about it?

  Hello

  You'll have to reimage, on a new installation, you should be presented with invites it installation.

  Tarik Admani
  * Please note the useful messages *.

• Impossible to ACS 5.4 to 5.5 on an SNS-3415-K9

  Hello

  I try to install one of my Cisco ACS 5.4.0.46 with patch 5-4-0-46-6 5.5.0.46 version on a Cisco SNS-3415-K9 to 5.8.1.4.

  I have already installed the fix for pre-upgrade sharp-PreUpgrade -CSCum04132- 5-4-0-46 - 0 to .tar .gpg such as recommended by Cisco.

  When I run the upgrade, the process remains in 'Launch Application Upgrade' such as mentioned in the attached screen shot.

  Any suggestion please?

  Best regards.

  According to me, it's because of the stored data that causing problem with upgrade.

  4951688 3868528 827572 /storeddata 83%
  / dev/map/smosvg-recvol

  When you applied the upgrade bundle, it gets initially storeddata rental stores. If it doesn't have enough space, upgrade will fail.

  In order to erase stored data, you must contact TAC.

  Concerning

  Gagan

  rate: if it helps!

• What is the recommended size of repository to store saves the backups of ACS SNS-3415-K9, v5.4

  Hello guys, we need your advice :),

  do you know what is the recommended size of repository to store backups of logs of ACS SNS-3415-K9 (v5.4.0.46.0a software)?

  We intend to create an FTP server to record a monthly full backup and an incremental backup daily.

  We would like to consider the worst case in which ACS View Database is complete and a full backup is required and daily incremental backups.

  In the second period, we would appreciate really any advice on how to maintain, say, only the last 2 full backups and all the related incremental backups in the FTP server, is there a way to automate the removal of the oldest backup when a new backup is generated?

  Thanks in advance!

  Hi Rodrigo,

  Honestly, there is not a suggested size of space available to FTP/SFTP server used as the size of your backups of data base of progressive and complete view depend on 100% of the amount of newspapers ACS server receives every day, so what I would suggest to take a look at a couple of incremental for 2 consecutive days and would help you to determine what would be the amount that you need for a period of 30 days (one month).

  And associated with your concern if the ACS would supports the option to manually maintain the last 2 full backups view, unfortunately, it is not available as an option.

• ACS 5.3 on SNS 3415

  Is anyone ACS 5.3 running on a server of SNS 3415.

  It seems that it is not a mixture supported, I wondered why?

  Hello

  When Cisco release 3415 SNS the current version of ACS was 5.4. Developers had to make a different code for this device, because it uses own software and is another type of server.

  5.3 ACS was never develop working on this server, that of why you can't use ACS 5.4 or higher.

  If you need help with anything which touches the ACS do not hesitate to contact me. I used to work in support of Cisco AAA.

  Kind regards

  Erdelgad

• MTBF, MTTR SNS-3415 and TDS values

  Hi team,

  We would like to get the MTTR, MTBF and MDT to SNS-3415 values, kindly request expertise advise on that.

  Thank you

  Vishnu

  This information is not usually available to the public, you must contact the local team of the Cisco and ask them to receive the information for you.

• 3315 to SNS 3415 device migration

  I have a client with ISE 3315 with software version 1.3 four plays running, two nodes(Active-Active) for policy and two nodes(Active-Standby) for the admin. He bought a new four (4) devices with software version 2.0 3415 fast to replace the existing one. No direction to accomplish this task.

  -Tips to know if running on version 1.3 configuration will work with version 2.0 without any problems.

  -How to migrate the licenses, certificates, etc.

  Hello

  Yes, 1.3 ISE can be restored on 2.0. However, it is recommended to have the latest patch on ISE 1.3 before her.

  Config contains only some certs trust not the or certificates of system. So, you can export the certificate of the system with the private key and import on the new server.

  License does not save the config. Later you can get license team or if you already have a copy and then import them.

  I hope that helps!

  Concerning

  Gagan

• NIC L4 grouping possible?

  You can configure the NIC, load balancing across L4 - TCP/UDP port? I need invited acceleration backups without ethernet 10 GB VM. VMware has only "route based on ip hash' method available and the traffic is between 2 IP addresses. My network switches supports this method. New MS HyperV has this feature.

  Martin

  Martin wrote:

  You can configure the NIC, load balancing across L4 - TCP/UDP port? I need invited acceleration backups without ethernet 10 GB VM. VMware has only "route based on ip hash' method available and the traffic is between 2 IP addresses. My network switches supports this method. New MS HyperV has this feature.

  No, the VMware NIC teaming load balancing is only on layer 3. You can however set your physical switches don't sleep 4 balancing with hash IP on the side of ESXi.

• iSCSI/NIC bonding/Multi Pathing

  My entire ESX environment consists of all Dell PE2950s, each with 2 x 1 GB NIC in them.

  both my iSCSI servers have 2 x 1 GB ethernet which are NIC glued to maximize throughput.

  For most areas of development, so these are his especially iSCSI and vm vm traffic traffic (like IIS, SQL, etc.)

  What is the best way to config the vNetwork in ESX so that I can use two NICs for ISCSI, but not to lose the LAN feature?  Can I spend 1 iSCSI NETWORK card and the other card NETWORK ISCSI/LAN?

  I posted about this before and I was told that the collage of NIC is not supported for iSCSI in ESX.  I don't know anything about multiple paths...

  Take a look at these:

  http://goingvirtual.WordPress.com/2009/07/17/vSphere-4-0-with-software-iSCSI-and-2-paths/

  http://blogs.VMware.com/KBTV/2011/01/how-to-configure-iSCSI-port-binding-on-vSphere-4.html

• WLC (foreign-anchor), problem with external web authentication-> ISE

  Hello guys

  I am designing a platform for a network of comments, which must be isolated from the LAN, the following facilities:

  • ISE 1.2 (SNS-3415-K9 Cisco)
  • WLC 7.0.230.0 (Cisco 5508 controller)---> foreign wlc
  • WLC 7.0.230.0 (Cisco 5508 controller)---> wlc anchor.

  The PAES tunnel between wlc is successfully completed.

  The wireless client gets the IP address of the anchor wlc (DHCP server).

  Test 1:

  I have set up the ANCHOR WLC with local web authentication (internal), the wireless client is authenticated by WLC and successfully navigate.

  Test 2:

  Configure the authentication web external anchor (ISE) WLC. Configure a user to the portal comments ISE.

  The wireless client gets the IP address of the anchor wlc (DHCP server), attempting to engage not display comments portal.

  Debugging a wireless client, try to connect to the guest network is attached.

  That's right... they have a version of code required minimum supported for this.

  Thank you

  Scott

  Help others using the system of rating and marking answers questions like "answered."

• ISE Cisco 3395 NIC Teaming/redundancy

  Is it possible to implement the consolidation of NETWORK cards on a 3395, I see that it is available on the SNS 3400 series? However, I was unable to locate any information about NIC grouping for purposes of redundancy on of the 3395. This feature is taken in charge, and if so, how I would approach him allowing of correctly? Thank you very much for the help in advance.

  Hello. For now, ISE does not support the NIC teaming/pipe of any kind. It asked that several times so I hope that Cisco will implement in a future version.

  Thank you for evaluating useful messages!

• Override the port NIC teaming with powercli group?

  Hi all

  Any chance you could lend a hand?

  I have a powercli script that goes out to all of my ESX 4.0 host and add a new port group to vswitch1 with a new VLAN ID. That works well, but I also need to override the NIC teaming on this port group, to set an active NIC and the other to be the backup. (we put NIC failover port groups not the vswitches).

  I see ways to change NIC vswitches grouping settings, but am yet to find a way to change the settings of the NIC collection for groups of ports themselves with powercli?

  Can someone shine a light?

  Thank you

  Try something like:

  Get-VirtualPortGroup-name '' | Get-NicTeamingPolicy | Game-NicTeamingPolicy - MakeNicActive "vmnic1" - MakeNicStandby "vmnic0".

  I hope this helps!

• Question of ISE MAB

  Hello

  I am working currently on the site and I did facing Aproblem with mac authentication bypass,

  I work with on ISE SNS-3415-K9, version 2.0.0.306, active deployment mode / standby.

  The ISE do profiling through snmp and DHCP messages.

  in most of the switches of MAB is working properly,

  but unfortunately I faced a problem in some switches.

  > the ISE cannot discover the mac of an endpoint, then the failure of MAB, same I enter the MAC address of endpoint manually, the GCC has failed.

  Please check the following configuration on the switch

  IP http server
  IP http secure server

  analysis of IP device

  logging of the EMP
  logging Source ip id

  control-dot1x system-auth

  Group AAA dot1x default authentication RADIUS
  Group AAA authorization network default RADIUS
  Group AAA authorization auth-proxy default RADIUS
  start-stop radius group AAA accounting dot1x default
  accounting AAA periodic update 5
  !
  accounting AAA periodic update 5
  start-stop radius group AAA accounting system by default
  !
  AAA server RADIUS Dynamics-author
  Client 10.255.255.13 server-key [email protected]/ * /.
  Client 10.255.255.14 server-key [email protected]/ * /.

  RADIUS attribute 6 sur-pour-login-auth server
  No server radius attribute 8 include-in-access-req
  No radius attribute 25-application access server include
  No dead-criteria time radius server 120 tries 10

  No radius key [email protected]server *.
  no host 10.255.255.13 radius server auth-port 1812 acct-port 1813
  no host 10.255.255.14 radius server auth-port 1812 acct-port 1813
  No 10.255.255.13 radius server host doesn't test username ise_probe-idle time 30
  No 10.255.255.14 radius server host doesn't test username ise_probe-idle time 30

  No radius vsa server send accounting
  No radius vsa server send authentication

  No radius source-interface vlan300 ip

  No dot1x-auth-control system

  no host 10.255.255.13 record transport udp port 20514
  host 10.255.255.14 record transport udp port 20514

  SNMP-server host 10.255.255.14 [email protected]version *.
  SNMP-server host 10.255.255.13 [email protected]version *.

  interface GigabitEthernet0/2

  switchport
  switchport mode access
  stream of host-authentication mode
  authentication order mab
  authentication priority mab
  Auto control of the port of authentication
  periodic authentication
  Server to authenticate again authentication timer
  MAB
  end

  > Also, when I open the RADIUS log file, an authentication failure message appear even I manually insert the MAC.

  Please note the ise probe in the user name field

  Please check the attached screenshots

  @pieterh

  The number before the commands is rolled by accident.