About firestartest

firestartest · 01-20-2019

I'm finding it hard to understand the correct process of backup and restore for ISE with regards to BYOD and certificates. I have a two node deployment with Primary PAN and Secondary PAN. BYOD is working and we have 300 registered devices with issued...

firestartest · 01-11-2019

Is it possible to have a guest self registration portal wherein the user creates an account, has to have an email validation sent but in order to get the email they get a grace period of Internet access for around 20 minutes? I know Meraki have this ...

firestartest · 10-30-2018

Has anyone successfully deployed a BYOD solution using ISE and Meraki access points? I can't get the blacklist portal to work. Despite sending the Authz profile as: Access Type = ACCESS_ACCEPTAirespace-ACL-Name = MERAKI-BLACKLISTcisco-av-pair = url...

firestartest · 10-10-2018

An AD account with privileges is required to join ISE to a domain as per the documentation, that is easy to sort out. But what happens if the account has a password policy set to renew every 30 days? Is the AD account no longer used after the join op...

firestartest · 10-05-2018

I can't find any documentation that describes how the CWA works for a client with regards to how the intercept works and how http responses are sent back to the client. From what I understand the client does DNS lookup for a web site, DNS responds wi...

firestartest · 01-20-2019

Hi, yes that's what the guide says. However if I run the command on the secondary PAN it says "certificates being imported do not match this devices hostname". So I cancelled it. Is this a standard warning and should I ignore it?

firestartest · 01-11-2019

Hi thanks for replying. it is a customer requirement that a user registers for access with an email address and then gets temporary Internet access in order to retrieve the email. The example you posted seems to give 15 minutes access then redirects ...

firestartest · 10-10-2018

Thanks. That's the problem I have, the customer has strict password expiry policies for all AD accounts which mean passwords need changing every 30 days!

firestartest · 10-06-2018

Hi, how does the device intercept the traffic? Does it reply pretending to be the IP address of the HTTP Get destination?

firestartest · 10-04-2018

Yeah I was thinking that and maybe getting clients to manually type in a URL of a site that is also bypassed to force the portal up.

Member Since	‎04-27-2004 05:11 AM
Date Last Visited	‎02-19-2021 06:38 AM
Posts	110
Total Helpful Votes Received	6

User Statistics

User Activity

ISE 2.4 BYOD certificate backup / restore

ISE guest self registration with email validation and grace period access

ISE blacklist redirect not working on Meraki access points

ISE AD service account password expiry

ISE WLC CWA packet flow

Re: ISE 2.4 BYOD certificate backup / restore

Re: ISE guest self registration with email validation and grace period access

Re: ISE AD service account password expiry

Re: ISE WLC CWA packet flow

Re: ISE CWA with client proxy settings