04-17-2017 01:48 PM
Do we support this flow with ISE?
Solved! Go to Solution.
04-19-2017 01:57 AM
Hi,
This is not supported.
who is the customer asking for this? what is the business case for ISE?
Is this an existing customer or a new one?
Thanks
Tal.
04-18-2017 06:46 AM
This is not something that’s supported. Is this for customer to process accounts when they leave the company?
I would recommend they run a script with the API to remove the endpoints compared to a list of removed accounts.
For feature requests please reach out to the ISE Product Management team
04-19-2017 12:18 PM
What about BYOD flow using certificate based auth we could take the username from cert in authz rule validate its part of an AD group, this is standard configuration recommendation.
04-19-2017 02:53 PM
Not sure of the exact use case here, but remember you always have an option to connect the device to the standard secure SSID and do a WLAN interface based on the results. So something like this:
If PEAP Domain Computer then allows access to the internal network
If PEAP Domain User allow access to single the WLC to move the session to the guest interface
This is very friendly Employee Guest scenario that uses secure protocols and AD is checked every time they connect.
04-19-2017 01:57 AM
Hi,
This is not supported.
who is the customer asking for this? what is the business case for ISE?
Is this an existing customer or a new one?
Thanks
Tal.
04-19-2017 06:04 AM
Please work offline with Tal as this is a public forum
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: