An administrator is attempting to join a new node to the primary Cisco ISE node, but receives the error message "Node is Unreachable". What is causing this error?
An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?
When using separate PSNs for different sites, the network device must be added to all PSN nodes in the deployment, so that the device can communicate with the appropriate PSN based on the location of the user1. If the device is not added to all PSN nodes, the user may encounter an EAP-TLS authentication failure when moving between sites, as the device may not be able to reach the PSN that issued the certificate2. The other options are not relevant for this scenario, as they do not address the issue of PSN communication.
An administrator is attempting to join a new node to the primary Cisco ISE node, but receives the error message "Node is Unreachable". What is causing this error?
An enterprise uses a separate PSN for each of its four remote sites. Recently, a user reported receiving an "EAP-TLS authentication failed" message when moving between remote sites. Which configuration must be applied on Cisco ISE?
When using separate PSNs for different sites, the network device must be added to all PSN nodes in the deployment, so that the device can communicate with the appropriate PSN based on the location of the user1. If the device is not added to all PSN nodes, the user may encounter an EAP-TLS authentication failure when moving between sites, as the device may not be able to reach the PSN that issued the certificate2. The other options are not relevant for this scenario, as they do not address the issue of PSN communication.
The security team identified a rogue endpoint with MAC address 00:46:91:02:28:4A attached to the network. Which action must security engineer take within Cisco ISE to effectively
restrict network access for this endpoint?
Cisco ISE provides a feature called Adaptive Network Control (ANC) that allows administrators to apply policies to endpoints based on their behavior or status1. One of the ANC policies is Quarantine, which restricts network access for an endpoint by assigning it to a limited-access VLAN or applying an access control list (ACL) on the switch port2. To use the Quarantine policy, the administrator must add the MAC address of the rogue endpoint to the endpoint quarantine list in ISE2. This will trigger a change of authorization (CoA) for the endpoint and apply the Quarantine policy. The other options are not effective for restricting network access for a rogue endpoint, as they do not use the ANC feature of ISE.
Eladia
19 days agoChristoper
23 days agoSelma
1 months agoRoslyn
2 months ago