Cisco ISE 2.2 – Open ports 9102 and 9103

Andrew Cheremisov | Cisco ISE, Security

One of our clients ran a vulnerability scan against a new Cisco ISE 2.2 and found two strange open ports, 9102 and 9103. After some research I found that those ports are related to ISE Wireless Setup.

How to disable? At the ISE admin CLI, issue:

application configure ise

Select option 17 ([17]Enable/Disable Wifi Setup).

Note: If you have ISE 2.2 Patch 1, the ports will re-appear after 15-20 seconds and you will not be able to disable them permanently. This behaviour is fixed in ISE 2.2 Patch 2.
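To confirm the change held, probe both ports for longer than the 15-20 second window mentioned in the note, since a single scan right after option 17 can miss the Patch 1 re-open. The script below is an added example, not part of the original post or a Cisco tool; the host name ise.example.internal, the 60-second window and the function names are assumptions.

```python
import socket
import sys
import time

WIFI_SETUP_PORTS = (9102, 9103)  # the two ports named in the post

def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def watch_ports(host, ports=WIFI_SETUP_PORTS, window=60.0, interval=5.0, timeout=2.0):
    """Probe each port every `interval` seconds for `window` seconds.

    The default window is well past the 15-20 seconds after which the post
    says the ports come back on ISE 2.2 Patch 1.
    Returns {port: [True/False per probe, oldest first]}.
    """
    samples = {p: [] for p in ports}
    start = time.monotonic()
    while True:
        for p in ports:
            samples[p].append(port_open(host, p, timeout))
        if time.monotonic() - start >= window:
            return samples
        time.sleep(interval)

def classify(states):
    """'closed': never open; 'reopened': open again after a closed probe;
    'open': seen open, no reopen observed."""
    if not any(states):
        return "closed"
    if False in states and any(states[states.index(False):]):
        return "reopened"
    return "open"

if __name__ == "__main__":
    # Placeholder host name (assumption); pass the ISE node's address as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "ise.example.internal"
    results = {p: classify(s) for p, s in watch_ports(host).items()}
    for port, state in results.items():
        print(f"{host}:{port} {state}")
    sys.exit(0 if set(results.values()) == {"closed"} else 1)
```

Run it from the scanner's network segment immediately after selecting option 17; a non-zero exit status means at least one port was seen open during the window.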

Refresh PMK every X seconds – Cisco ISE and Meraki

Andrew Cheremisov | Cisco ISE, Security, Wireless

One of our clients requested that the PMK be refreshed every 5 minutes during deployment of a Cisco ISE and Meraki solution.

Create a new Authorization Profile in Cisco ISE (Policy – Policy Elements – Results – Authorization Profile).

Reauthentication: To choose, select the check box and enter a value in seconds for maintaining connectivity during reauthentication. You can also choose attribute values from the Timer drop-down list. You choose to maintain connectivity during reauthentication by selecting to use either the default (a value of 0) or RADIUS-Request (a value of 1) …