Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi All,
We have a software issue where a certain type of vendor device randomly starts using an incorrect source MAC address. A manual port-bounce cures the problem...and afterwards the device types uses the correct source MAC address. So I'd like to...
Hi All,
I'm about to move from Monitor Mode to Secure/Closed mode (ISE 2.0) and will be using a variant of the default Cisco ISE Access Point policy to authenticate 1000+ Cisco Access Points.
However I have noticed that about 10% of the AP's have onl...
Hi All,
The Comptability notes for ISE 2.0 suggests that OS X 10.11 (El Capitan) is supported regards onboarding and certificate provisioning. It doesnt mention specifically what SPW version it just says "SPW from Cisco.com or Cisco ISE client provi...
Hi All,I wonder if anyone can give some advice on the handling of legacy non-dot1x devices. My customer does not want non-corporate wired devices connecting to the network. For dot1x devices this is easily achieved. However for non-dot1x MAB devices...
Hi All,
Recently upgraded to ISE 2.0 ahead of migrating a wired network from Monitor Mode to Secure Mode.
I have configured two "stages" on ISE, with a policy set attached to each. So I have a very loose Monitor Mode policy set and a Secure Mode poli...
Apologies for not providing the final resolution here.
Eventually we discovered the device was not being correctley profiled as an El Capitan OS. We tried to re-onboard it a few times but always got the same error.
In the end we completely removed th...
Hi Joseph,
Thanks for your response. I am using Safari to browse and the get the correct redirect to the BYOD portal. It then says I need to download some security software (presumably the SPW) but when I press "Start" it says "device is not current...
Thanks Neno,
Interesting...it is hitting the correct policy that redirects it to the BYOD portal (although profiling not being specifically used as part of this policy as all unregistered devices attempting to use the defined SSID will be also direct...
Thanks Tim,Much appreciate the speedy response.I think I'm on the right track then, as I have created 4 customer endpoint groups with a policy for each. Initially the policy will only require membership of these groups but I want to add profiling at ...
Thanks Aaron,
Upgrading to 1.4 this weekend so will hopefully see the endpoint purge.
I think I get the import now. I export from the endpoint table to a .csv file. Edit that file to add the whitelist group column and then reimport it to the endpoi...
