Diag2 Flashcards
- MAB_PC is not able to reach allowed network resources.
Incorrect network device group configuration
Radius packet from SW2 has been sourced from an incorrect interface
Authorization policy needs to be corrected on ISE for the MAB session
Authentication policy needs to be corrected on ISE for the MAB session
There is an issue with aaa login authentication method configuration on the switch
Authorization condition needs to be corrected on ISE for the MAB session.
ISE has the incorrect key for the network device
SW2 port is incorrectly configured for MAB.
Authentication policy needs to be corrected on ISE for the MAB session
*** ISE authentication Rule - should be User, but used Endpoint
- Employee profile has no network connectivity.
Authentication condition needs to be corrected on ISE for the Dot1x session.
The ISE has incorrect network device address.
Authorization condition needs to be corrected on ISE for the Dot1x session authentication.
SW1 is pointing to an incorrect ISE server for Dot1x session authentication.
Incorrect user group configuration on ISE
Issue with aaa network authorization method configuration on SW1.
SW1 port is incorrectly configured for Dot1x
Authorization policy needs to be corrected on ISE for the Dot1x session.
The ISE has incorrect network device address.
- Contractor Profile has issue connecting to the network
ISE unable to communicate with Active Directory.
Incorrect network device Group configuration.
Issue with AD group mapping on ISE.
There is an issue with CoA configuration on ISE.
There is an issue with CoA configuration on SW2.
SW2 port is incorrectly configured for MAB authentication.
Radius packet has been sourced from an incorrect interface on SW2.
Issue with MAB authorization result configuration on ISE.
ISE unable to communicate with Active Directory.
- Site-To-Site IPSec VPN failure using FTDs.
FMC 5.2 does not support point-to-point VPN tunnel.
FTD2 VPN policy is incorrect.
Issue with FTDs network zones configuration
R4 is missing static routes for VPN tunnel establishment.
FTD1 policy is not consistent with the topology.
FTD2 interfaces configuration is not consistent with the topology.
Issue with FMC licensing.
FTP1 outside object is incorrectly configured.
Issue with FMC licensing.
- FMC not able to see the scanned events from end host protected by FireAMP connector.
Incorrect Export Group Mapping on the Cloud for FMC.
DNS is incorrectly configured for the cloud “Defense Center Link” resolution.
FMC should be manually configured for time and NTP should be used.
Probable issue with sliding windows time range for AMP events analysis on FMC
Cloud and FMC should not perform lookups using the same DNS.
Cloud has an incorrect next-hop.
Time Synchronization issue with the NTP server on Cloud.
Cloud is disabled under FMC AMP management
FMC 6.2 is pointing to the incorrect DNS.
Incorrect Export Group Mapping on the Cloud for FMC.
- Unable to add a device into Cisco DNA Center (DNAC) for network.
Incorrect Protocol used on DNAC to communicate with SW1_v
RO community string mismatch when adding device to DNAC.
Incorrect enable password used when adding device to DNAC.
Write community string missing when adding device to DNAC.
Incorrect VTY password entered when adding device to DNAC.
SW1_v interface to reach DNAC is down.
SW1_v should disable NTP
SW1_v not set up for RO community string.
SNMP version mismatch between DNAC and SW1_v.
VTY line missing authentication method.
RO community string mismatch when adding device to DNAC.
- Python script is failing to retrieve network device list from Cisco DNA Center (DNAC) inventory.
Script has incorrect DNAC address.
Management PC cannot reach DNAC
DNAC is blocking HTTPS access.
Script is not referencing IP address of network devices.
Script is calling incorrect API to retrieve device list from DNAC
Script has incorrect DNAC login username
Script has incorrect DNAC login password
Script is not configured to use service ticket for DNAC login password.
Script is not configured to use HTTPS for DNAC access.
DNAC does not support Python.
Script is not configured to use HTTPS for DNAC access.
- Central “webAuth” is broken for the guest account.
ISE CoA authorization rule is incorrectly configured.
SW2 is not able to communicate with ISE.
Incorrect ACL is pushed for the MAB authorization profile
Switch redirect ACL is incorrectly configured.
Issue with CoA configuration on SW2.
CWA authentication rule is pointing to incorrect database.
MAB is disabled on SW2 authentication port.
Issue with CWA policy set condition on ISE.
CWA authentication rule is incorrectly configured.
SW2 belongs to incorrect device group in ISE.
Issue with CWA policy set condition on ISE.
- AnyConnect ISE posture implementation is broken.
Incorrect Redirect ACL configured on ASA1.
Incorrect Provisioning portal URL.
HTTP server not enabled on ASA1.
HTTPS server not enabled on ASA1.
Posture profile missing on ASA1.
Redirect ACL not properly configured in posture authorization profile.
Incorrect translation for ISE on ASA1.
No inside route on ASA1 for ISE.
Incorrect Posture policy set configuration.
Posture profile has an incorrect ISE pointer.
Issue with network device configuration on ISE.
Incorrect Provisioning portal URL.
- Device profiling is not working to deny authorization of certain category of rogue MAC address.
Authorization rule is incorrectly configured.
Matching identity group should be disabled for profile.
Authentication rule is incorrectly configured.
Profile is disabled
Issue with network device configuration on switch.
Access Policy is incorrectly configured.
Profile policy rule is incorrectly configured.
Issue with authentication port configuration on SW2
Logical profile incorrectly configured.
Issue with network device configuration on ISE.
Issue with profile rule certainty factor configuration.
Profiler policy is disabled.
Profile policy rule is incorrectly configured.