About jacksonben

jacksonben · 05-23-2025

Good morning all.I feel I know the answer to this one, but does anyone know if ISE will gracefully shutdown (i.e. run application stop ise, followed by halt) when sent the shutdown signal from a Hyper-V host?My server team of course prefer if this is...

jacksonben · 02-28-2025

Hello all, could I get some advice on the ISE policy rules that you use to distinguish your users who may omit their domain suffixes when connecting to wireless (PEAP/MSCHAPv2)?We have some rules in place already, which I will detail below, but some ...

jacksonben · 09-10-2024

ISE 3.2 Patch 6We are having a recurring issue that is really becoming a problem now with some MAC addresses dropping their identity group after being placed into one.Example:1) Add MAC address to Identity group through Context Visibility -> Endpoint...

jacksonben · 08-15-2024

I am testing using automartport macros to enable a port for trunking to support Ap's in flexconnect mode (NEAT with templates doesn't work for us because you can't change to multi-host). This is generally all working ok with macros, however I have no...

jacksonben · 11-08-2023

We are in the process of moving from ISE 2.7 to ISE 3.2 and I am having real difficulty with the new user interface, specifically when selecting authorization policy results.The ISE 2.7 UI is perfectly clear and usable but the ISE 3.2 one is extremel...

jacksonben · 03-06-2025

Ok we have figured it out, the rule is matching whatever is configured in the "anonymous identity" field of the wifi setup (at least on Android).If left at the default "anonymous" it will not be matched by a rule looking for "@". I imagine ISE is onl...

jacksonben · 03-03-2025

I'm somewhat reassured that you are seeing the same problem! I have not yet raised a TAC case, I made this community forum post first to make sure I was not doing something stupid in my rules. But now it looks like it is a real issue.Further testing ...

jacksonben · 03-03-2025

Thank you for taking the time to reply. It looks like there is some scope for improving our ruleset there.As an educational organisation we also have a requirement to authenticate visitors from other educational organisations as well, so we do need t...

jacksonben · 11-04-2024

The error 12953 does not relate to passwords at all, but can occur if you have a load balancer in front of ISE and your persistence algorithms are not working. Thus initial radius packets are seen by one PSN, but subsequent packets end up on a differ...

jacksonben · 10-15-2024

I'm afraid not, in fact I was given to understand that this issue was 3.2 specific and the bug tracker only lists 3.2p6https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk94725The previous 3.2 patch 6 had what sounded like a similar resolved caveat as...

Member Since	‎03-16-2017 05:39 AM
Date Last Visited	‎05-23-2025 01:51 AM
Posts	21
Total Helpful Votes Received	6

User Statistics

User Activity

Graceful shutdown on virtual client (Hyper-V)

Advice on policy rules for usernames with and without domain

MAC addresses being removed from identity group

macros and ISE for flexconnect AP - auth sessions appearing on uplink

Having trouble with the new UI on ISE 3.2

Re: Advice on policy rules for usernames with and without domain

Re: Advice on policy rules for usernames with and without domain

Re: Advice on policy rules for usernames with and without domain

Re: 12953 Received EAP packet from the middle of conversationthat cont

Re: MAC addresses being removed from identity group