About Stuart Patton

Stuart Patton · 11-14-2025

Hi,I have an FTD2140 running ASA and use management0/0 for SSH and HTTP management access to the firewall whether on-prem or remote. On the 9.12 train, we can manage the same firewall we are landing on with "management-access management". After upg...

Stuart Patton · 09-23-2025

Hi,Further to my previous posts around profiling, I've now stumbled on another issue and wondered if the community has any ideas or can point to the documentation source that sheds light.Say I have a profiling policy with a rule that matches an arbit...

Stuart Patton · 06-09-2025

Hi,Having some issues with ISE 3.3 patch 4 regarding MAB authorisation rules. We are using a third party product that ingests endpoints from ISE as well as from strategic span ports. By examining the traffic flows from the endpoint, it can then wri...

Stuart Patton · 12-20-2024

Hi, I'm trying to preempt a change of EAP certificate as part of an ISE upgrade we are undertaking and having problems with certificate trust on Apple devices. We are using a Microsoft CA infrastructure with an offline root and online sub-CA. Previ...

Stuart Patton · 06-14-2024

Hi,I am troubleshooting an issue with an L3OUT that is bouncing/flapping periodically. It looks to me to be a physical issue but I am struggling slightly. The ACI switch is a Nexus 93180YC-FX which is connected to my core which is C9500-48Y4C. Bot...

Stuart Patton · 11-28-2025

Ok, I've found a workaround that is acceptable for my environment. ASA 9.18(2) allows loopback interfaces to be created, so I have created a /32 lo0 and added management ACL rules that permit access from the VPN client range. It doesn't even need to...

Stuart Patton · 11-28-2025

Hi Ben,The CiscoSSH stack isn't running and hasn't been running. It also affects HTTPS (ASDM) too.

Stuart Patton · 09-23-2025

Hi Arne,I can say I've seen this exact behaviour, but not under conditions that would relate to load. We are also using xDome and using it to feed custom attributes with contextual information to ISE. In the Authz rule we have a condition that says...

Stuart Patton · 05-06-2025

I've got the same problem on ISE 3.3 patch 4, and this solution did not work initially. It seemed to work if I hit the "save" button at the top of the page rather than attempting to scroll to the bottom of the authz rules.

Stuart Patton · 12-20-2024

In the auth rule, the protocol is EAP_TLS_MSCHAPV2

Member Since	‎09-15-2011 02:16 AM
Date Last Visited	‎11-28-2025 01:45 AM
Posts	85
Total Helpful Votes Received	25

User Statistics

User Activity

Management access from directly connected Anyconnect client 9.18+

Triggering reprofiling with lower CF value

ISE 3.3 patch 4 authorisation matching

Apple devices with enterprise auth / certificate trust

Enabling DOM / troubleshooting QSFP issue

Re: Management access from directly connected Anyconnect client 9.18+

Re: Management access from directly connected Anyconnect client 9.18+

Re: Cisco ISE Profiling limitations

Re: ISE Cannot remove auth policy in policy set

Re: Apple devices with enterprise auth / certificate trust