I have an AuthC rule that says If Wired_802.1x, use "Corp_dot1x_user_sequence".
The Corp_dot1x_user_sequence Identity Source Sequence says to select the Cert profile from "Corp_Cert_Profile" and use the "CorpAD" Auth Search List.
The "Corp_Cert_Profi...
I am curious to get your feedback on the best order to authorize devices in the Authorization Policy.
Currently we have it set for First Matched Rule Applies, and have the rules set up like this:
1: Wireless Blacklist devices --> Denied
2: MAB devic...
We have ~150 access switches in our company and have implemented 802.1x security on the ports. I would like to know if there are any tools, ISE commands or switch commands I can use to get an inventory on which switch ports have authentication enabled...
I am reading through a lot of documentation trying to increase my knowledge on how ISE Profiling works.
I have found many design guides that say to enable these commands:
ip dhcp snooping
ip dhcp snooping vlan [VLAN ID's]
I understand the basic conc...
My company has a large population of HP Thin Clients that are not joined to our AD domain and thus cannot do dot1x because they do not have certificates.
We decided to do profiling for these devices. We profile for a couple attributes, two of those b...
The Windows Server CA was going to be the issuing CA for the certs for the domain and non-domain joined computers, and the original corporate policy checks for CN in the authz policy now, so I am pretty sure that policy would be the only one used.
As...
If I create a policy above the corporate policy and do as you suggest by having it check the CN of the cert to look for the domain name, will it still check to make sure that the cert was signed by the root CA that is in the Trusted Certificates?
Our...
We do have the domain/non-domain hosts connecting to the same switches around the company.
When I look at the Certificate Auth Profile, Never is grayed out.
I spoke to Cisco TAC and the TAC engineer said what I wanted to do was go to the Authentica...
Thank you for the great help Jan.
This is what I suspect as well.
What I am trying to figure out is why the DHCP request is not being received by the ISE PSN. I can confirm through a packet capture that the endpoint sends the DHCP request as soon as ...