This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Do we support this flow with ISE?
Solved! Go to Solution.
This is not something that’s supported. Is this for customer to process accounts when they leave the company?
I would recommend they run a script with the API to remove the endpoints compared to a list of removed accounts.
For feature requests please reach out to the ISE Product Management team
What about BYOD flow using certificate based auth we could take the username from cert in authz rule validate its part of an AD group, this is standard configuration recommendation.
Not sure of the exact use case here, but remember you always have an option to connect the device to the standard secure SSID and do a WLAN interface based on the results. So something like this:
If PEAP Domain Computer then allows access to the internal network
If PEAP Domain User allow access to single the WLC to move the session to the guest interface
This is very friendly Employee Guest scenario that uses secure protocols and AD is checked every time they connect.