About cyanesh

cyanesh · 08-16-2017

Hello everyone, I am sure this has been asked before, but I don't see anything specific in the admin guide or online. I want to create(or modify) an ISE alert to send a notification(email) when a new unauthorized MAC is seen. I have ISE configured ...

cyanesh · 07-19-2017

Hello, As the title suggests, I am using Cisco 2960X switches, using MAB standalone with Cisco ISE 2.2. After some discussions with Cisco TAC, Was able to get a basic rule setup to do MAB with the switch, including accounting for using little 5 port...

cyanesh · 07-06-2017

Hello, I have ISE 2.2 setup. I am deploying MAB standalone. I need to do SIMPLE MAC Authentication. I want the switch to pass the MAC, ISE to pass back a yes or no so the switch can lock the port down or not. Thats it. I can't do device profilli...

cyanesh · 06-30-2017

We just purchased ISE. I deployed the OVA, but it doesn't ask me for a default CLI password any time. I can't find what the default CLI password is supposed to be, so I can finish setting the software up. I have tried all the combinations I have s...

cyanesh · 05-08-2017

Hello, I have a couple of questions about a Cisco 2921 I am using as a DMVPN hub. 1. I am trying to upgrade the IOS and have attempted to free up space, but the space free hasn't changed. It still shows not enough bytes free, and the space didn't f...

cyanesh · 07-20-2017

Andy, I created a separate endpoint group for the Avaya phones to be placed into. Then created a rule for that to hit first and pass the attribute as you suggested. That seemed to be the magic. The phones are now classified on the VOICE domain and...

cyanesh · 07-19-2017

Andy, The phone works just fine with DHCP normally. Right now I have the authentication open on the port, so ISE still sees all the authentication requests and the port is always authenticated. In that mode, the phone works just fine. ISE is pulli...

cyanesh · 07-11-2017

Marvin, From what I have read about per port ACL, is it only allows one per port. Unfortunately, with our numerous little switches, we have many ports that have multiple MACs. If I could just create a rule that wouldn't authenticate a MAC unless it...

cyanesh · 07-10-2017

Based off what I have read, as far as ISE is concerned we would definitely be in monitor mode. But, I think we keep skirting what I want to do, currently. I could have done it far easier and simpler with PFsense and Freeradius. When a MAC presents...

cyanesh · 07-07-2017

Marvin, Thanks for the info, very nice. I configured the rule like you suggested, but an unknown MAC still has access. I can see the switch go through a couple of stages of learning(amber, off, amber, off), then go green. And it does have network ...

Member Since	‎01-30-2017 02:14 PM
Date Last Visited	‎07-19-2019 12:29 PM
Posts	23

User Statistics

User Activity

ISE 2.2 + Alerts

Cisco ISE+2960x+MAB+Avaya IP Phone

ISE 2.2 with ONLY MAB Standalone

ISE OVA 2.2

Cisco 2921 IOS

Andy,

Andy,

Marvin,

Based off what I have read,

Marvin,