Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,Did somebody manage to use two radius servers in Policy for dot1x?We are doing a migration of clients and ISE and it would be helpful to check both servers and act on first access-accept.I am basing the idea on slides from Cisco Live Session:https...
How can I assign multiple service areas to service tempates when doing batch provisioning?OrderType UserID ProductName TemplateName Processor Service Domain ServiceArea UserRole Softkey Template User Locale Softkey Template User LocaleaddServiceTempl...
if your subnet in the vlan is 192.168.1.0/24
and you sue command :
ip device tracking probe auto-source fallback 0.0.0.6 255.255.255.0 override
arp probe will be send with ip 192.168.1.6
note how dangerous it is if you put 0.0.0.1 and this 192....
Just a blind shot but check this out:
https://community.cisco.com/t5/identity-services-engine-ise/ip-device-tracking/m-p/3750828#M20916
IP device tracking probes can cause endpoints to learn IP address of gateway ( depending on configuraiton you ...
We had the same issue. It should be written somewhere to reserve the IP for probes. Endhost learn arp entries for default gw ( in our case ) with mac address of switchport and this causes intermittent network connectivity issues.
We only figured out ...
We convinced our Security department that fragmented traffic is not pure evil and can be allowed
Otherwise we would need to replace all our devices to ones capable of jumbo MTU and convince our Service Provider to do the same thing ( so nearly impo...
We just solved similar issue. If client certificate chain is size of ~4000 he needs to fragment it at RADIUS level. We have choose to send first packet of size something around ~1400. When packet come to WLC, WLC encapsulated EAPOL within RADIUS and ...
