Hi,We are considering the use of a SGT to port map on every access switchport to enforce the traffic of the non-authenticated devices. Once the device is authenticated it will get a dynamic SGT that will override the static mapping. The question is,...
Hi,Let's say I have two ESG with a contract inherited from the EPGs due to the EGP-to-ESG selector. Then I create a new contract with the same ports than the inherited and I provide/consume it in the same way the inherited contract is. When does this...
Hi, I've configured a Cat9300 running Gibraltar 16.12.3 to retrieve its CTS PAC but it is not working. This is my current config: 9300-access#sh run | sec radiusaaa group server radius ise-pacserver name ise-pacaaa authentication dot1x default group ...
Hi, How can I change the default TCP 443 port for AnyConnect clients connections to a different port? This port is already in use by another server accessible from the outside. I'm using the FMC. Thanks.
Hi, I'm getting invalid credentials error while trying to connect integrate the FMC with my AD for external authentication. The exact error is:Opening connection to LDAP server - 10.20.20.10:389 - cn=user,dc=domain,dc=localCurrent TLS Require Cert: 0...
Hi, Switched to a 3750X to rule out issues with the Cat9300 but the problem persists. I've attached the log from ISE. Based on the message it is like the credentials set in both ends (swtich and ISE) don't match but I'm sure they do since I created s...
RADIUS: id 1, priority 1, host 10.254.11.30, auth-port 1812, acct-port 1813, hostname ise-labState: current UP, duration 257723s, previous duration 950480sDead: total time 950480s, count 0Platform State from SMD: current DEAD, duration 2988s, previou...
Hi Balaji, There it goes. It is a PoC and the device is not registered yet, but dot1x for client authentication works fine. 9300-access#show versionCisco IOS XE Software, Version 16.12.03Cisco IOS Software [Gibraltar], Catalyst L3 Switch Software (C...
