Cisco ISE Guest API – PHP script

Andrew Cheremisov | Cisco ISE

Adds a user to ISE via a POST request. Returns the first/last name and the ISE-generated username and password.

GitHub repository: https://github.com/acheremisov/cisco-ise-guest-api

[Screenshots: Postman POST request to the script; ISE guest user is created]

Cisco ISE 2.2 – Open ports 9102 and 9103

Andrew Cheremisov | Cisco ISE, Security

One of our clients ran a vulnerability scan of the new Cisco ISE 2.2 and found two strange open ports, 9102 and 9103. After some research I found that those ports are related to ISE Wireless Setup.

How to disable?

At the ISE admin CLI, issue:

application configure ise

Select option 17 ([17]Enable/Disable Wifi Setup).

Note: If you have ISE 2.2 Patch 1, the ports will re-appear after 15-20 seconds and you will not be able to disable them permanently. This behaviour is fixed in ISE 2.2 Patch 2.

Refresh PMK every X seconds – Cisco ISE and Meraki

Andrew Cheremisov | Cisco ISE, Security, Wireless

One of our clients requested that the PMK (more about PMK) be refreshed every 5 minutes during the deployment of a Cisco ISE and Meraki solution.

Create a new Authorization Profile in Cisco ISE (Policy – Policy Elements – Results – Authorization Profile).

Reauthentication: To choose, select the check box and enter a value in seconds for maintaining connectivity during reauthentication. You can also choose attribute values from the Timer drop-down list. You choose to maintain connectivity during reauthentication by selecting to use either the default (a value of 0) or RADIUS-Request (a value of 1) …

Cisco ISE 2.2 OVA image and VMware vCenter 6.5+

Andrew Cheremisov | Cisco ISE, Security

Recently I installed the new ISE virtual appliance for one of our customers and found out that you can no longer natively import the OVA image into VMware vSphere vCenter. Cisco has a one-line explanation in the ISE 2.2 guide:

"The ISE 2.2 OVA templates are not compatible with VMware web client for vCenter 6.5. As a workaround, use the VMware OVF tool to import the OVA templates."

Workaround:

1. Download the OVF tool from the VMware site – https://my.vmware.com/group/vmware/details?downloadGroup=OVFTOOL420&productId=491
2. Download the latest ISE appliance OVA image from the Cisco site
3. Go to OVF tool folder in command …