Guys, have anyone deployed 4100 into a cluster layer 2 ? How is this different than ASA 5585 X ?  Please share your experience .. ... View more

With ISE PRoxy how CoA works ? here is the setup : Radius server >> ISE AS a radius proxy >>> Network device >> User Normally ISE initiate the CoA to the NAD , however in this case can external radius device issue a CoA to the ISE ( which is somehow acting as a radius client ). Anyone has done this and would like to advise ? I can not see any docs explaning this setup. ... View more

Hello guys, I need to provide hotpsot internet for my guests , we would like to use ISE for policy management . we have 4 PSNs located behind the F5 LB. Guest are using the DMZ DHCP/DNS services. Anchor controller is in DMZ. Appreciate if someone out here please clarify below concerns :- 1- on Pre-auth ACL ( redirect ACL) at WLC do i need to just allow f5 VIP or F5 VIP + IPs of 4 PSNs , this access would be provided at TCP port 443 only ? 2- once client will go the guest portal where they just need to go through AUP before getting connected to the Internet, we want they should see URL on their browser something like "guestinternet.com" not the PSN IP address. Can it be done ? 3- We also like to install public CA signed certificate so that guest won'e be getting any certificate issues, Please advise if we just need certificate for 4 PSN nodes ? We would like to order a single certificate having multiple SAN fileds , we want to add 4 PSNs and 2 Admin nodes as a part of SAN field on this certificate.  ISE is running version 1.3. Thanks, Prashant ... View more

we are in the process of deploying hotspot for our guests and we don't want that they should face any certificate error while redirecting to the ise portal. Please help me to understand to process of importing public CA Certs to it. We have around 6 PSNs located behind F5. thankd  please advise if this change requires any downtime . tthanks  ... View more

Hello Team, ISE is running with code 1.3, I want to use this as a radius proxy for one of our clients. I have already added client AD server as an external radius server in the ISE. There are two radius servers. client wants to have policies configured in below manner-  Group A of AD sevrer ( radius server ) should be the part of vlan 10. Group B of AD server ( radius server ) should be the part of vlan 20. Can someone please confirm how authentication and authorixzation policies will look like ?  if anyone has deployed this use case ? Thanks in advance. ... View more

Hello Guys, I have 2 ISE nodes acting in all 3 personas, they are not located behind any load balancer devices. I would like to know if I have to configure authorization and authentication policy for both of nodes? In other word what would be configuration ( policies) when ISE is not located behind any load balancer device ? Thanks, Prashant   ... View more

Hello Team, we have two ASA 5585-x running in cluster, I would like to know how many contexts we can create ?  if we are able to create total 4 contexts ( default with a base license )  then what would happen if one of the cluster member is down leaving just one active member in the cluster. will still 4 contexts would be liver and serving the traffic? did anyone experience this , I would like to know more based on the experience. I didn't find any cisco doco explaining the same. Questions : What happens when one unit experiences outage? Does the surviving unit still have 4 contexts and if so for how long? Thanks, Prashant ... View more