About andrewswanson

andrewswanson · 04-18-2023

HiI'm currently using Prime Infrastructure to allow front line support to change the interface template used on a given Catalyst 3650 switchport.On Prime, this uses velocity templates (see below) and Configuration Groups. When the template is run, th...

andrewswanson · 11-23-2022

HiI have an ISE 2.7 patch 7 distributed deployment that is bound to AD.AD was recently patched with regards to CVE-2022-38023. Since then, the AD admins are reporting that the PSNs are appearing in their logs every few hours with "The Netlogon servic...

andrewswanson · 05-27-2022

HiI'm looking at an ibns 2 802.1x policy on Catalyst 3650 (ver 16.09.08) with ISE 2.7 patch 7. The switch setup should send the 802.1x client's vlan id to ISE (in the access-request during authentication) so that it can be used in an authorization co...

andrewswanson · 05-18-2022

HiI'm having issues with CLI Analayzer when running Crashinfo Analyzer for a WS-C3650-48PD running 16.9.4.I get the message "Cisco IOS-XE Crashinfo Analyzer is currently unavailable [471]". I've tried this on different PCs with different versions of ...

andrewswanson · 05-26-2021

HiI'm using Cisco Smart Software Manager On-Prem server for Catalyst switch smart licensing. The server has been unable to sync with Cisco for a few months. When I attempt to do a full sync. I get the following error: I'm using my CCO for this and ha...

andrewswanson · 04-21-2023

HiHave you looked under Trust & Privacy > Certificates? The System tab is there in version 2.2.3.6hthAndy

andrewswanson · 04-19-2023

HiThanks for the reply.The difference between the interface templates isn't just the vlan. The associated ibns 2.0 policies are different as well - different host modes, some are mab and dot1x (or one or the other) or CWA and they also activate diffe...

andrewswanson · 04-17-2023

Hi Druv - if you re using "process host lookup" for certificate authorization on ISE, ensure you have a certificate authorization profile configured for your AD - see below for screenshot of profile that I used. (its configured under Administration >...

andrewswanson · 03-18-2023

Microsoft documentation seems to suggest that using multiple supplicants is possible - how to do this using the EAPHost api is another question (and what, if any, 3rd party supplicants are supported).hthAndyhttps://learn.microsoft.com/en-us/windows/w...

andrewswanson · 03-15-2023

HiIf you are terminating AnyConnect VPN on an ASA, you can look at using the "Access Deny Message" on the ASA Group policy.hthAndyAccess Deny Message—To create a message to display to users for whom access is denied, enter it in this field.https://ww...

Member Since	‎05-02-2006 05:16 AM
Date Last Visited	‎04-24-2023 03:46 AM
Posts	684
Total Helpful Votes Received	571

User Statistics

User Activity

provisioning an interface template using DNAC

Cisco ISE with AD CVE-2022-38023 patch

ibns 2.0 vlan-id in access-requests

Cisco IOS-XE Crashinfo Analyzer is currently unavailable [471]

Cisco Smart Software Manager On-Prem synch issue

Re: DNAC - No System Certificate Tab

Re: provisioning an interface template using DNAC

Re: ISE authorization policy for ASA VPN user certificates

Re: Allowing Windows WIFI profiles when running Cisco Secure Client NA

Re: I want to print a error message to anyconnect user. (CISCO ISE)