About mark373737

mark373737 · 11-11-2016

Hi All, We have a software issue where a certain type of vendor device randomly starts using an incorrect source MAC address. A manual port-bounce cures the problem...and afterwards the device types uses the correct source MAC address. So I'd like to...

mark373737 · 08-30-2016

Hi All, I'm about to move from Monitor Mode to Secure/Closed mode (ISE 2.0) and will be using a variant of the default Cisco ISE Access Point policy to authenticate 1000+ Cisco Access Points. However I have noticed that about 10% of the AP's have onl...

mark373737 · 05-03-2016

Hi All, The Comptability notes for ISE 2.0 suggests that OS X 10.11 (El Capitan) is supported regards onboarding and certificate provisioning. It doesnt mention specifically what SPW version it just says "SPW from Cisco.com or Cisco ISE client provi...

mark373737 · 04-18-2016

Hi All,I wonder if anyone can give some advice on the handling of legacy non-dot1x devices. My customer does not want non-corporate wired devices connecting to the network. For dot1x devices this is easily achieved. However for non-dot1x MAB devices...

mark373737 · 03-08-2016

Hi All, Recently upgraded to ISE 2.0 ahead of migrating a wired network from Monitor Mode to Secure Mode. I have configured two "stages" on ISE, with a policy set attached to each. So I have a very loose Monitor Mode policy set and a Secure Mode poli...

mark373737 · 08-17-2016

Apologies for not providing the final resolution here. Eventually we discovered the device was not being correctley profiled as an El Capitan OS. We tried to re-onboard it a few times but always got the same error. In the end we completely removed th...

mark373737 · 05-06-2016

Hi Joseph, Thanks for your response. I am using Safari to browse and the get the correct redirect to the BYOD portal. It then says I need to download some security software (presumably the SPW) but when I press "Start" it says "device is not current...

mark373737 · 05-05-2016

Thanks Neno, Interesting...it is hitting the correct policy that redirects it to the BYOD portal (although profiling not being specifically used as part of this policy as all unregistered devices attempting to use the defined SSID will be also direct...

mark373737 · 04-18-2016

Thanks Tim,Much appreciate the speedy response.I think I'm on the right track then, as I have created 4 customer endpoint groups with a policy for each. Initially the policy will only require membership of these groups but I want to add profiling at ...

mark373737 · 12-11-2015

Thanks Aaron, Upgrading to 1.4 this weekend so will hopefully see the endpoint purge. I think I get the import now. I export from the endpoint table to a .csv file. Edit that file to add the whitelist group column and then reimport it to the endpoi...

Member Since	‎12-23-2014 09:33 AM
Date Last Visited	‎08-18-2017 03:51 AM
Posts	25
Total Helpful Votes Received	11

User Statistics

User Activity

Port Bounce using ISE Policy Advanced Attribute Settings

Cisco Access Points not profiling correctly in ISE

ISE 2.0 Onboarding and Certificate Provisioning for OS X 10.11 (El Capitan)

Handling non-DOT1x devices

ISE Reauthentication and Reporting

Apologies for not providing

Hi Joseph,

Thanks Neno,

Re: Handling non-DOT1x devices

Thanks Aaron,