Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About Tim Baum
Stats
Member since
01-11-2012
22
Posts
1
Helpful
0
Solutions
Created by
Tim Baum
in Policy and Access
in Policy and Access
06-13-2017
08:59 AM
06-13-2017
08:59 AM
Is there a new way to do kerberos with MS AD that breaks ACS? Seems like a customer enabled Kerberos FAST and broke the link to their ACS servers. Any insight into this issue? Thanks Tim
... View more
Labels:
09-19-2016
06:10 AM
How do you select those condition for the profiler policy? The only library conditions are for profiling. And building a condition is also limited to the profile attributes. Which is my question, is there a better way to add a condition to check for a NDG:Type in profile when that attribute is not available than to create checks for MAC addresses?
I think this is a new feature but hoping others have a need to be able to tune profiling based on NAD.
Thanks
... View more
Created by
Tim Baum
in Policy and Access
in Policy and Access
09-18-2016
10:16 AM
09-18-2016
10:16 AM
Is there a way to block ISE from profiling endpoints that are on a specific NAD? There is a profiling rule that causes a NMAP-SNMP scan of a device if it matches a certain rule. These devices are wired and never on wireless. ISE is scanning wireless devices that match the initial rule but fail the scan since SNMP is not configured on these endpoints.
There is no condition that allows a check of network device group. Best option appears to be to check the calling station ID for known devices that should not use the NMAP-SNMP scan. But that means a long condition list.
Looking for a better way to block these profile scans on WLCs.
Thanks
... View more
- Tags:
- ise profile nmap
Labels:
Created by
Tim Baum
in Policy and Access
in Policy and Access
08-18-2016
10:07 AM
08-18-2016
10:07 AM
Is there a way to craft a DACL that blocks RDP session to an endpoint that is authenticated with ISE? Customer needs to block RDP going to certain workstations based on their login and authorization from ISE.
Thanks
... View more
- Tags:
- ise rdp dacl
Labels:
Created by
Tim Baum
in Identity Services Engine (ISE)
04-07-2019
04-07-2019
Customer is customizing the flow of their guest portal and wants to have
the temporal posture check ...
07-18-2018
I have had several customers ask for this capability as well - export
guest database to import into ...
Created by
Tim Baum
in Identity Services Engine (ISE)
11-29-2017
11-29-2017
I read that as well. It says they are encrypted but does not give
details on HOW it is encrypted. Th...
Created by
Tim Baum
in Identity Services Engine (ISE)
11-28-2017
11-28-2017
I've read that ISE REST API uses TLS (https) over port 9060 with basic
authentication. Is there any ...
Created by
Tim Baum
in Policy and Access
06-13-2017
06-13-2017
Is there a new way to do kerberos with MS AD that breaks ACS? Seems like
a customer enabled Kerberos...
04-12-2017
Are there any guides on how to configure ISE 2.x to use RADIUS for
device administration? Is there a...
Created by
Tim Baum
in Identity Services Engine (ISE)
03-08-2017
03-08-2017
I should add that they want to have guest register for an account on one
SSID (open) then get sponso...
Created by
Tim Baum
in Identity Services Engine (ISE)
03-08-2017
03-08-2017
Not the way this customer is using it.
Created by
Tim Baum
in Identity Services Engine (ISE)
03-07-2017
03-07-2017
Customer wants to use the self registration guest portal with sponsor
authorization but not the gues...
Created by
Tim Baum
in Identity Services Engine (ISE)
03-06-2017
03-06-2017
Is there a way to have a guest portal for self registration without the
login fields?Or is there a w...
Created by
Tim Baum
in Identity Services Engine (ISE)
01-27-2017
01-27-2017
When using more than one MDM server for device compliance checks, how do
you setup the AuthZ rules t...
09-19-2016
How do you select those condition for the profiler policy? The only
library conditions are for profi...
09-18-2016
Is there a way to block ISE from profiling endpoints that are on a
specific NAD? There is a profilin...
Public Statistics
| Date Registered | 01-11-2012 12:52 PM |
| Date Last Visited | |
| Total Messages Posted | 22 |
| Total Helpful Votes Received | 1 |
