About Richard Wakefield

Richard Wakefield · 07-30-2018

Team, We have a situation where a SAML/Shibboleth server was moved to AWS, while ISE is still on the internal network. This has caused a situation where ISE is rejecting the authentication of some clients based on the way they connect to the networ...

Richard Wakefield · 11-16-2017

ISE 2.2p4 using 172.27.0.0 /16 for the NAD, ISE is not finding the NAD.If I put in a specific address, 172.27.0.254/32 it works fine.If I put in a subnet, 172.27.0.0/16, ISE log shows "unknown network device" I think I am hitting this: https://bst.cl...

Richard Wakefield · 11-11-2017

Note: This was tested on ISE 2.1p3 and ISE 2.1p6I'm trying to make a very concise rule to deny folks from joining the WiFi after business hours, 8am to 5pm. The easiest way is to create 1 deny rule that would go into effect anytime other than M-F 8-5...

Richard Wakefield · 05-27-2019

This needs to be fixed, not just 'no longer supported'. People running the install script mess this up all the time in oddball time zones, like Arizona that doesn't do daylight savings time, and needs to be fixed after the fact more times than not. I...

Richard Wakefield · 07-30-2018

>>Use other interfaces on ISE, maybe? The problem is the customer wants to make MyDevices accessible only internally accessible (10.132.X.X) or via VPN (150.135.112.X), but Shibboleth server is now in AWS so all users get NAT'd to 150.135.165.X. Th...

Richard Wakefield · 06-22-2018

I've got it working with 8.3.141.0, no problem other than the config is colossally complicated. https://www.cisco.com/c/en/us/support/docs/wireless/aironet-1810w-series-access-points/200630-AP1810W-LAN-Port-Mapping.html You have to create an RLA...

Richard Wakefield · 06-21-2018

I've got something like this, ISE Captive Portal of some flavor, running with Cisco WLCs at very large deployments (100,000 users and 10,000 APs, 60,000 users also 10,000 APs, etc.) and the first time I hit this problem was when I tried to recreate t...

Richard Wakefield · 06-21-2018

I've got 2.3 patch 4 in my lab, and it is an MR32 not a 34 as I said above. It all works great with my Cisco WLC running 8.3 MAB/RadiusNAC/AAAOverride, but having the above described issue with the MR32 with IOS (iphone and ipad running 11.4). MACOS ...

Member Since	‎10-12-2012 10:05 AM
Date Last Visited	‎08-15-2019 11:36 PM
Posts	54
Total Helpful Votes Received	55

User Statistics

User Activity

ISE SAML Shibboleth and client IP address checks, can I turn it off?

ISE 2.2p4 using 172.27.0.0 /16 for the NAD, ISE is not finding the NAD

ISE Time of Day rule Exceptions not working

Re: Changing Timezone

Re: ISE SAML Shibboleth and client IP address checks, can I turn it off?

Re: Having spoken to our Cisco

Re: ISE 2.2 and Meraki Deployment - CNA Apple Issues

Re: ISE 2.2 and Meraki Deployment - CNA Apple Issues