About andrewswanson

andrewswanson · 02-20-2025

HiI'm using ISE 3.2 patch 7 - deployment was recently upgraded from ISE 3.2 patch 3.There is a policy set for wired CWA guest portal that has stopped working since the patching. The wired Guest flow used is inline with the image belowAfter the client...

andrewswanson · 11-12-2024

HiI'm running into some teething issues with Cisco ISE RADIUS persistency on a Citrix MPX Netscaler.Configuration is pretty much in line with Cisco document below.https://community.cisco.com/t5/security-knowledge-base/citrix-netscaler-cli-configurati...

andrewswanson · 05-27-2024

HiI'm using a 3rd party signed certificate on ISE 3.2 patch 3 for EAP authentication.This certificate has 2 Alternate Certificate Chains. ISE currently has the top path/chain installed in its Trusted Certificates store for chaining the EAP certificat...

andrewswanson · 02-29-2024

HiI'm trying to profile a Summa vinyl cutter on ISE 3.2 patch 3. ISE profiler feed is up to date and the device is listed with the following MAC OUIOUI IEEE Registration AuthorityWhen I looked up the MAC Address on the IEEE site, the first 6 characte...

andrewswanson · 01-25-2024

HiI'm looking at configuring a Catalyst C9300L-48P-4X running 17.09.04a to support both Dante and AES67.The switch is L2 with SVIs on upstream switch - all Dante/AES67 devices will connect only to this switch so no configuration is required upstream....

andrewswanson · 01-17-2025

Citrix support came back with a fix for this using the rule below:CLIENT.UDP.RADIUS.ATTR_TYPE(31) ALT RADIUS.REQ.NAS_IP_ADDRESS.VALUE.TYPECAST_TEXT_TWith this rule, persistence uses string2 (NAS IP Address) if the evaluation of string1 (calling-stati...

andrewswanson · 01-09-2025

I've done some more testing for CTS RADIUS persistence on a Citrix loadbalancer running 14.1 code. For this test I used:NAD: Cisco Catalyst 9k running 16.12.11 - switch has a management IP Address of 10.40.110.20802.1x client: MAC Address bc:0f:f3:74...

andrewswanson · 11-30-2024

Thanks for that ArneCurrently using Netcaler for RADIUS (MAB, 802.1x and CTS) as well as for ISE probes (snmp trap and dhcp). It works well (the recent CTS issues aside) and simplifies the NAD configuration.I think that a Netscaler upgrade from 13.1 ...

andrewswanson · 11-12-2024

HiDo you have "user or computer authentication" mode selected on the supplicant? hthAndy

andrewswanson · 11-08-2024

@tcomtom HiDid you hear back from Citrix support regarding backup persistence for rule based persistency?I'm using persistency groups to share persistence between RADIUS authentication and accounting VIPs.When I add the following from the cli:add lb ...

Member Since	‎05-02-2006 05:16 AM
Date Last Visited	‎02-27-2025 08:09 AM
Posts	770
Total Helpful Votes Received	600

User Statistics

User Activity

Wired CWA stops working after patching to ISE 3.2 patch 7

ISE RADIUS persistence on Citrix Netscaler query

ISE EAP Certificate with Alternate Certificate Chain

Cisco ISE profiler feed and 28 bit MAC OUI's

AES67 and Dante on Catlayst 9300 query

Re: ISE RADIUS persistence on Citrix Netscaler query

Re: ISE RADIUS persistence on Citrix Netscaler query

Re: ISE RADIUS persistence on Citrix Netscaler query

Re: TEAP Problem with Windows 10, ISE 3.2 with Patch 7 and EAP Chainin

Re: Citrix Netscaler CLI configuration for Cisco ISE RADIUS and TACACS