About BTinNC

BTinNC · 05-31-2016

I have an AuthC rule that says If Wired_802.1x, use "Corp_dot1x_user_sequence". The Corp_dot1x_user_sequence Identity Source Sequence says to select the Cert profile from "Corp_Cert_Profile" and use the "CorpAD" Auth Search List. The "Corp_Cert_Profi...

BTinNC · 05-26-2016

I am curious to get your feedback on the best order to authorize devices in the Authorization Policy. Currently we have it set for First Matched Rule Applies, and have the rules set up like this: 1: Wireless Blacklist devices --> Denied 2: MAB devic...

BTinNC · 05-25-2016

We have ~150 access switches in our company and have implemented 802.1x security on the ports.I would like to know if there are any tools, ISE commands or switch commands I can use to get an inventory on which switch ports have authentication enabled...

BTinNC · 04-27-2016

I am reading through a lot of documentation trying to increase my knowledge on how ISE Profiling works. I have found many design guides that say to enable these commands: ip dhcp snooping ip dhcp snooping vlan [VLAN ID's] I understand the basic conc...

BTinNC · 04-21-2016

My company has a large population of HP Thin Clients that are not joined to our AD domain and thus cannot do dot1x because they do not have certificates. We decided to do profiling for these devices. We profile for a couple attributes, two of those b...

The Windows Server CA was · 06-06-2016

The Windows Server CA was going to be the issuing CA for the certs for the domain and non-domain joined computers, and the original corporate policy checks for CN in the authz policy now, so I am pretty sure that policy would be the only one used. As...

If I create a policy above · 06-06-2016

If I create a policy above the corporate policy and do as you suggest by having it check the CN of the cert to look for the domain name, will it still check to make sure that the cert was signed by the root CA that is in the Trusted Certificates? Our...

We do have the domain/non · 06-01-2016

We do have the domain/non-domain hosts connecting to the same switches around the company. When I look at the Certificate Auth Profile, Never is grayed out. I spoke to Cisco TAC and the TAC engineer said what I wanted to do was go to the Authentica...

BTinNC · 05-26-2016

Thank you for your help!

Thank you for the great help · 04-26-2016

Thank you for the great help Jan. This is what I suspect as well. What I am trying to figure out is why the DHCP request is not being received by the ISE PSN. I can confirm through a packet capture that the endpoint sends the dhcp request as soon as ...

Member Since	‎01-19-2012 01:20 PM
Date Last Visited	‎10-06-2017 04:03 PM
Posts	25
Total Helpful Votes Received	5

User Statistics

User Activity

Where does the AD member check come in to dot1x auth?

What order for Authz Policy?

Tools to manage/monitor 802.1x enabled switch ports

Enabling DHCP Snooping for profiling without blocking DHCP requests

HP Thin Client running Windows Embedded cant profile with DHCP attributes

The Windows Server CA was

If I create a policy above

We do have the domain/non

Thank you for your help!

Thank you for the great help