Support for OS Linux in Cisco ISE

Hi all

Can someone help me to know. If any Linux OS posture assessment is available in ISE like Windows & MAC OS.

Hello Mohsin-

Evaluation of posture is not currently supported on Linux-based devices. For more information on currently supported devices, controls, etc. see the following link:

http://www.Cisco.com/c/en/us/TD/docs/security/ISE/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_010111.html

Thank you for evaluating useful messages!

Tags: Cisco Security

Similar Questions

  • Change password for local administrator on Cisco ISE in distributed deployment

    Hi guys,.

    I managed four ISEs of Cisco in a distributed environment.

    First ISE is the Admin, second ISE is followed, the third and fourth are the PSN.

    We use local authentication. We want to change the password for the admin user name.

    -What does that by a lucky break the connection between the ISEs or will be the new password pushed to each of them?

    There is no possibility to change the passwords on the PSN as the administration tab is not available.

    I know that when I create a new user, he's pushed all ISEs.

    Thank you.

    Serge.

    Serge,

    Good question.  Once I read this question, I had to know, so I tried this in my lab.

    I changed the admin password and change successfully, I had to connect to ISE using the new password.  Then I noticed on my dashboard to my node communication school admin and my PSN was green.  YAY.  I went to the page of deployments and could access the configurations for the nodes.

    Trust, I logged the secondary node using the NEW PASSWORD.  So, Yes, not only communication does NOT break, the new password is pushed down to all nodes.

    Please rate useful messages and mark this question as answered if, in fact, does that answer your question.  Otherwise, feel free to post additional questions.

    Charles Moreton

  • Extreme SSD 120GB - No. TRIM support for Linux later? $150 wasted?

    I am a customer of Sandisk's long-term and generally been happy with their products.

    My favorite and the only OS is Linux, like the millions of PC users, laptop, Tablet and smartphone world. I'm about to take delivery of a brand new Sandisk Extreme SSD 120 GB. This is my 2nd SSD (the other being of Kingston). I just found this review online (newegg.com) about current support for Sandisk Extreme SSD TRIM for Linux:

    "Cannot support a topping on LINUX. I also use EXT4 throw tag in/etc/fstab and it does not work. I sent Sandisk. They said: "I understand that you were not able to activate the TRIM on your SSD 120 GB extreme linux system command. We are sorry for the inconvenience this problem may have caused. »

    Then I remember seeing this in own of Sandisk SSD info online:

    "Any operating system can be installed on an SSD. There is NO compatibility problem with regard to the operating system. Windows, Mac, Linux, Unix any version or BACK can be installed on an SSD.
    Certain features such as the PLATE only are supported in mode native on the latest operating systems such as Windows 7 and Mac OS 10.6 and higher. »

    I'm worried. First of all, I have always use the latest version of Linux, continually updated to day and make all the necessary preparations for the maximum performance of SSD (including changes to operating and fstab AHCI). Then my other SSD worked flawless since (installed 6 months ago) news including the TRIM under Linux.

    Then I read elsewhere that Sandisk provides no SSD firmware still updates (?). Is this correct?

    If so, then Houston, we have a (major) problem. Product not suitable to use? Misrepresentation of product? Inadequate technical support? Incomplete engineering front of dumping on the market?

    I might be worrying unduly. Heck, I really hope someone can help me, clarity and TRIM unlimited direct. Can I use my new Sandisk Extreme SSD as my other player, without product development stressful of Sandisk. (Before I drop the fanboys Win7 and Mac, Linux is also valid in the real world like any OS corporate-drone. Heck one day you too could see the light...)

    Good news all around. Extreme SSD arrived and installed without a hitch. Also received a number of useful answers E-mail of Support technical Sandisk (thanks, notably, spear, who approached the plate). In short, if you have a recent Linux kernel installed, opt for the filesystem ext4 on both / and / Home. But first of all to be absolutely sure that you have selected the AHCI option in the section of the BIOS of your motherboard SATA mode. (Flashing the latest mainboard BIOS should also help.) So to allow TOPPING Linux offers edit you your file/etc/fstab to include the "noatime" instructions and "throw" in the lines making reference to / and / Home. Save and you should be good to go. So to answer my own original doubts - TRIM is supported for latest Linux OS provided that you follow the installation process. I lose $150? Probably not, but only time and toggle NAND will tell!

  • Evaluation of posture transmitted by mistake using Cisco ISE

    Hi all

    I would like to help try to understand why a customer who has not been connected to the network for a little over a month has allowed full network access despite being older than 28 days AV definitions.

    We have 2 mandatory requirements of posture,

    1 Symantec Av MUST be installed

    2. the definitions AV MUST be expired LESS THAN 28 days

    Currently, the machine I have watch the defs AV as being 25 March 2013.

    When I produce the detailed report posture, it shows me even that the two mandatory requirements described above were successfully which means that the endpoint is compliant posture. Clearly this is not the case if...!

    Is there anything else I can check on the ISE to help debug this?

    Mario

    Hello

    You may have two problems:

    1 al ' ISE, you have a set global clients not supported of the NAC Agent (Android, etc.) that specifies what their default state of compliance. If the default setting is "consistent" and you do not have a rule in this customer service or you simply do not have client provisioning rules, any machine that does not fit in the provisioning rule (IE thinks them ISE which is not supported) Gets a consistent event compliance status if NAC Agent is installed and that the rules are not met.

    2. problem of ANC Agent version?

    I saw in the papers that you use NAC 4.9.1.6 agent but the latest NAC Agent recommended to be used with (later) ISE is version 4.9.0.51.

    4.9.1.6 is a version of NAC Appliance and Cisco does not guarantee that is 100% compatible with ISE.

    Check

    http://www.Cisco.com/en/us/docs/security/ISE/1.1.1/compatibility/ise_sdt.html#wp78131

    Cisco NAC Agent Interoperability Between NAC Appliance and Identity Services Engine (ISE)
    

    Cisco supports different versions of the NAC Agent for integration with  NAC Appliance and ISE. Current releases are developed to work in either  environment, however, interoperability between deployments is not  guaranteed. Therefore, there is no explicit interoperability support for  a given NAC Agent version intended for one environment that will  necessarily work in the other. If you require support for both NAC  Appliance and ISE using a single NAC Agent, be sure to test NAC Agent in  your specific environment to verify compatibility.
    

    Unless there is a specific defect or feature required for your NAC  Appliance deployment, Cisco recommends deploying the most current agent  certified for your ISE deployment. If an issue arises, Cisco recommends  restricting the NAC Agent's use to its intended environment and  contacting Cisco TAC for assistance. Cisco will be addressing this issue  through the standard Cisco TAC support escalation process, but NAC  Agent interoperability is not guaranteed.
    

    Cisco is working on an approach to address NAC Agent interoperability testing and support in an upcoming release.

  • Different permission on Cisco ISE Mac address format

    Dear all,

    I have problem with my Cisco ISE,

    It's design:

    ISE - Core switch - 3Com - PC user

    My case:

    Authorization is based on Active Directory, and Mac address

    The user with PC connecting to 3Com swtich Deny by ISE but is the Mac of the Format address is different with Cisco.

    Cisco MAC address format: XX

    3Com MAC address format: XXXX-XXXX-XXXX

    3Com switch type is TRICOM 4210 26 - PORT.

    Someone at - it experience with this? and how can change the mac address format in 3Com for user authorized by Cisco ISE.

    Note:

    Active Directory-based authorization is not problem with 3Com Switch.

    From my experience, produces different is mac address of a different size, so this case not only for 3Com Switch.

    Thank you

    Arika Wahyono

    Hello. Authentication using "work around the Mac address" is not a standard feature. The seller do differently. I do not think that this could work, but even if this is possible the solution will be not reliable because it is not standard basic.

  • Cisco first 2.1 / 2.2 support for Cisco ise 1.3?

    Hi, I just tried to connect cisco IP 2.1 to cisco ISE 1.3, but fails.
    I read the Release Notes, only 1.2 ISE ist supported.
    But I was wondering that the ssl negotiation fails (I made a packet capture).
    So PI 2.1 has not tried to connect to the ise 1.3 via api, because of the connection fails during the ssl handshake.

    Anyway, does anyone know if ISE 1.3 will be supported with a PI or PI 2.2 version 2.1.x?

    ICC 2.1.2 supports up to 1.2 ISE.  ICC 2.2 release date is scheduled for December 2014.  Read below.

    Table 4 The Infrastructure first, Cisco and Cisco wireless version compatibility matrix

  • Cisco Ise 1.3 with Flex to connect wireless supported function

    Hello

    My environment is formed ROUND of flex-mode connection wireless and cisco Ise 1.3, these features are supported?
    Basic functions of the AAA
    profiling
    posturing
    Substitution VLAN
    Substitution of the ACL
    Comments commissioning

    TrustSec 2.0 this MDC is not supported? someone try this feature?

    These all work with ISE 1.3 and FlexConnect WLAN.

    You need the right license ISE - the type of mobility (wireless) license will cover everything. If you have wired and wireless, then you must have basic (for most features) + more (for profiling) + Apex (for Posturing).

  • Authentication for 802.1 x and Cisco ISE printer

    Hello

    What is the best practice to authenticate a 802 printer. 1 x in Cisco ISE?

    The printer can store a certificate for authentication and support EAP - TLS.

    Thanks for the reply.

    Marco

    Please refer to the rules of authentication

    www.Cisco.com/c/en/US/TD/docs/Security/ISE/1-2/user_guide/ise_user_guide...

  • ScanJet 3000 Pro s2: Scanjet 3000 Pro s2 - support for linux

    Hello

    product page indicates that linux for the Scanjet 3000 Pro s2 drivers are available:

    The HP Scanjet Professional 3000 s2 to add to existing custom solutions through TWAIN, ISIS, WIA, Linux and Mac drivers.

    But the specification list only supported for Windows and Mac OS X. even for the driver download page.

    This unit works with linux? If so, what architectures are supported?

    Thank you

    Indeed, HP is the main contributor to HPLIP, but HPLIP does not all drivers for Scanjet scanners:

    I see in the thread that the poster has got some HP drivers by contacting through the discussion list, I suggest to try the same thing and check if you got no response, it's a forum for peer to peer and not direct contact with HP...

    You can sign up and send a mail to the sane-devel list, prescribed for such a seems to me:

    http://lists.alioth.debian.org/mailman/listinfo/sane-devel

    Hope that helps,

    Shlomi

  • Changes in prices for the contracts of Support for Cisco IDS/IPS

    Nice day

    My boss asked me if there is no value added regarding Cisco's recent move to charge separately for hardware and software support for IDS/IPS product line.

    Other than what is obvious (need software support for updates of signature, need of material support in case something breaks), I'm having a hard time to provide a response.

    Can anyone suggest what is the increased value, other than annual recurrent costs more we get as a result of this change of license?

    Also, was there any release press or other notice to the client about this change?

    I am at a loss...

    Alex Arndt

    Alex,

    Cut through the spin and the hype... the software support allows us to finance a development team dedicated to signature, which has improved our signature rejection rates and response times. In addition, it is allowing us to expand our coverage to keep IDS 4.1 to get the support of the signature. It is contrary to our previous policy which would have seen 4.1 updates to signature cut shortly after 5.0 released.

    A side effect of this is that our development team is now free to focus on the development of the feature, and you will see more updates, more often.

    Can't comment on press releases and others, they make your head spin my ;)

    Scott

  • ISE 1.2.1 support for Yosemite?

    Hello everyone, just curious. I see in the release notes for ISE 1.2.X that support for Mac OS 10.10 (Yosemite) was available via patch 12 on the train ISE1.2.0 of the code. That said, I see nothing in the release notes indicating support for Yosemite for any patches for ISE1.2.1, the latter being patch 3 released 1 week after ISE 1.2.0 patch 12. Please can someone tell if Yosemite is based in fact on 1.2.1 with patch 3?

    Thank you very much in advance for your help

    Jeff

    Jeff,

    OS X 10.10 is supported in ISE 1.2 p11, 1.2.1 p2 and 1.3.

    Patch 12 for 1,2 and 3 Patch 1.2.1 fix other issues for OS X 10.10, and I recommend you to update on the latest patches for these fixes.

    Here is the entry in the Release Notes detailing the fix for 10.10 to 1.2 p 12:

    MacOsXAgent versrion 4.9.5.3 should be used and MacOsXSPWizard 1.0.0.30

    Note that the description of these files refer to ISE 1.2 Patch 11/12, ISE 1.3 release and above.  ISE 1.2.1 is not mentioned, but follows the calendar bug fix and version 1.2, with an adjustment.

    Patch 1.2 10 = 1.2.1 hotfix 1

    Please rate useful messages and mark this question as answered if, in fact, does that answer your question.  Otherwise, feel free to post additional questions.

    Charles Moreton

  • Support for Linux in Smartphones blackBerry - marketing Dept.

    Sale of RIM rose by 102% to $1.88 billion for the quarter ending March 1 08. What are the chances of RIM having sufficient funds or will support, customers using Linux? A community which grew to 1.37% in September 2007 to 2.09% in October 2008.

    PS Ubuntu Linux: 8 million users and more

    It is not really answering your question to the Marketing Department, I don't even know if they read this forum. They could.

    Have you looked here for Linux support?

    http://www.BlackBerryForums.com/Linux-users-corner/

  • Oracle Enterprise Linux - comments of support for vCloud Director

    the following function

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 2034491

    Oracle Linux is not supported.

    This can be confirmed?

    Hello

    You can enable comments for Oracle Linux customization which means that it is supported. I remember non-incassable test Oracle Linux 5 and it worked fine.

    Thanks for pointing out. I'll open a bug to update the article.

    / Andrii

  • Cisco ise license command

    I have a question

    1. is it possible to install the Cisco ISE software on the server machine to physical HP (without solution VMware or without the use of SNS-3415-k9 cisco device)?

    2. for 2500 users online, I'll order L-ISE-BSE-2550, L-ISE-PLS-S-2500 and L-ISE-APX-S-2500 of basis, more and apex licenses. My question is HA (primary and secondary) application I need 2 licenses for each? (2 * L - ISE - BSE - 2550, 2 * L - ISE - PLS - S - 2500 and 2 * L - ISE - APX - S - 2500)

    or just a license for each is enough?

    3. If I implement Cisco ISE and HA on VMware environment, can I 2 L-ISE-VM-K9 licenses for each VM machines? and also I need 2 licenses for each basic, plus, and at the apex?

    4. What is smart net Cisco and Cisco SASU? need to buy these for support and ticketing system?

    5. What is license for cisco anyconnect (L-AC-APX-1 year-G)?

    thnx in adv.

    You can install ISE on a HP ONLY Server if you are using software virtualization (VMware or KVM).

    The Guide of Installation of ISE sets out three options:

    1 hardware appliance from cisco SNS

    2. virtual machine VMware

    3 Linux KVM.

    The AnyConnect license is required to qualify with the features of the Apex. It is not installed on the ISE server, however.

  • Cisco ISE (Identity Services Engine) - seeds SGA device?

    Hello

    We have a LAB with Cisco ISE, certificates and list DACL. Everything works fine with the 1.1.1 version but now we want to use the functionality of CMS - SGT instead of the ACL and we found that we need seed for this device and the only device that takes in charge the Nexus 7000 is. Is this true? What is the only way that we can use LMS - SGT? Are there plans that any other device will be used to seed device?

    BR, Marko

    The device of seed set as first device that communicates with the ISE. It must be a link.

    http://www.Cisco.com/en/us/docs/solutions/enterprise/security/TrustSec_2.0/trustsec_2.0_dig.PDF

    In addition the Nexus needs a license of Advanced Services installed in order to support the Trustsec.

    I can't comment on any future plans.

Maybe you are looking for

  • Help me solve some problems

    Hi all I have a few problems that started with my failure of iPhone 5 s screen. As mentioned above from the back of a month I unfortunately broke my iPhone screen, iphone which is no longer under warranty. I wanted to erase data from the phone to be

  • Ask to read a USB device descriptor

    I'm wrung in a test sequence to test the functionality of a prototype Board, including GSM, Bluetooth, JTAG,... etc. However, before coming to these modules, I want to have a module that could apply for and receive general information of the Board of

  • Update broken HP?

    Hey,. It seems that my HP update is broken. I get this image of the error: Can someone help me?

  • OfficeJet 4650: Ireland HP recycle point

    My 4650 officejer did not work, after contact with the customer service, they said they would send me a new printer and I need 'drop failed to recycle the point', and could someone tell me what this means? This means that there is a point of recyclin

  • device driver Bluetooth for windows vista

    Hello I have windows vista on my laptop. For these days, I am not able to connect my phone via bluetooth. It gives the error as "device driver not found for the bluetooth device. Could you please help? Kind regards Nikhil Sharma