Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi all, I want to share my findings about IBNS 2.0 with interface templates and the idea to use this feature to have the same default interface config on all switchports in the network (except several uplinks for sure).
Main goal is: To allow not onl...
Hi all, I summarize quickly what we tried to do before writing this enhancement request: The switch should have a default port config for all access ports, allowing mab and dot1x. ISE should answer with a template name in the result, bringing the por...
Hi Team,a customer wants to use ISE guest portal with user/password authentication via an external Radius server. I have defined an external Radius server and a Radius Server Sequence containing this server, but I cannot choose this sequence as authe...
An airport plans to use ISE Hotspot Guest Portal for the passengers. To avoid, that the wifi bocomes overcrowded by thousands of airport employees, they want to define some rules like:- If an endpoint has been online >12 hours during the last 7 days,...
I have not played around much with this new command. For flexconnect APs, it should work great, since no EAPOL comes from the wireless clients to the switchport. Here, the "peer" command avoids, that authenticated wireless clients are authenticated a...
@Arne Bier @wkoschmeder @PSM In case you missed it: 17.7.1 introduced the attribute "peer" for the command "access-session host-mode multi-host" which only authenticates the directly connected neighbor device (e.g. the access point). Here is the link...
You are right: We don't use the supplicant config generally for all switches, but only for those who don't have physically secured uplinks, e.g. compact switches placed in an office as port extension. The goal is here, to not have unsecured trunk por...
Hi @Arne Bier,
here are some thoughts regarding your concerns:
write mem doesn't affect dynamic interface templates, since they are only applied to the session, not written to the running-configSwitch reboot is no problem. After the reboot, the authe...
Hi @Philipp Staiger, sorry for the delay. I planned to not only post the configs, but also describe the whole process with authentication results. But this is a little bit too time consuming. That's why I send the configs first and look forward to re...
