About andrewswanson

andrewswanson · 10-13-2025

HiI'm using dynamic VLAN and TrustSec SGT assignment on Catalyst 3650s with ISE 3.2 patch 7.The authorization policies are working as expected but I'm seeing some anomalies in the NetFlow stats for the VLAN that clients are assigned to.The NetFlow st...

andrewswanson · 02-20-2025

HiI'm using ISE 3.2 patch 7 - deployment was recently upgraded from ISE 3.2 patch 3.There is a policy set for wired CWA guest portal that has stopped working since the patching. The wired Guest flow used is inline with the image belowAfter the client...

andrewswanson · 11-12-2024

HiI'm running into some teething issues with Cisco ISE RADIUS persistency on a Citrix MPX Netscaler.Configuration is pretty much in line with Cisco document below.https://community.cisco.com/t5/security-knowledge-base/citrix-netscaler-cli-configurati...

andrewswanson · 05-27-2024

HiI'm using a 3rd party signed certificate on ISE 3.2 patch 3 for EAP authentication.This certificate has 2 Alternate Certificate Chains. ISE currently has the top path/chain installed in its Trusted Certificates store for chaining the EAP certificat...

andrewswanson · 02-29-2024

HiI'm trying to profile a Summa vinyl cutter on ISE 3.2 patch 3. ISE profiler feed is up to date and the device is listed with the following MAC OUIOUI IEEE Registration AuthorityWhen I looked up the MAC Address on the IEEE site, the first 6 characte...

andrewswanson · 12-12-2025

HiThere's an old thread below discussing polycom dhcp issues with dynamic vlan assignmenthttps://h30434.www3.hp.com/t5/Desk-and-IP-Conference-Phones/Polycom-VVX-phones-on-an-802-1x-EAP-Enabled-Switch-fail-to/td-p/8793019Is seems to suggest that for m...

andrewswanson · 12-10-2025

HiThe link below states:If the phone can’t communicate with the DHCP server on startup, the phone’s status bar reports Network Down. The phone communicates with the DHCP server every 5 minutes to acquire an IP address or for lease renewal.https://doc...

andrewswanson · 11-29-2025

Hithe thread below discusses how windows 802.1x supplicant detects a vlan changehttps://community.cisco.com/t5/network-access-control/dynamic-vlan-behavor/td-p/4589001The output you posted shows that you are using mab for the printer - does the print...

andrewswanson · 11-29-2025

HiIs the printer getting an IP prior to authorization? If so, the printer will retain this DHCP lease even if its nic is bounced.I've seen this behaviour across all printer vendors.Try reducing the DHCP lease time of the landing VLAN to a matter of m...

andrewswanson · 11-13-2025

Thanks for the update Sebastian - this post on the F5 forum mirrors what you found with Netscaler:https://community.f5.com/discussions/technicalforum/irule-http-traffic-to-the-same-real-server-as-radius-session/26354I though maybe an Enhancement Requ...

Member Since	‎05-02-2006 05:16 AM
Date Last Visited	‎12-12-2025 04:22 AM
Posts	793
Total Helpful Votes Received	610

User Statistics

User Activity

Occasional delay in assigning ISE SGTs to client traffic on NAD

Wired CWA stops working after patching to ISE 3.2 patch 7

ISE RADIUS persistence on Citrix Netscaler query

ISE EAP Certificate with Alternate Certificate Chain

Cisco ISE profiler feed and 28 bit MAC OUI's

Re: IP phone endpoint not getting a DHCP offer on a closed port

Re: IP phone endpoint not getting a DHCP offer on a closed port

Re: Printer COA vlan Issue

Re: Printer COA vlan Issue

Re: ISE Netscaler Loadbalancing Cross-Service Persistence