About David Fitzgerald

David Fitzgerald · 05-01-2017

Ever since we updated to patch 3, we have seen a lot of dead radius server messages, especially when users are accessing the network via wireless controllers. We have a guest portal tied to AD, and the wireless access is practically unusable, due to...

David Fitzgerald · 03-30-2017

I'd like to be able to define a "VLAN of last resort", which is where a user ends up under the following scenarios: The User fails to authenticate via either MAB or Dot1XDespite being able to authorize, the user chooses to VLAN deliberately. ISE 2.1...

David Fitzgerald · 03-30-2017

We have a situation that we are trying to get a handle on, so I thought I'd post here. We are running ISE 2.1 patch 3 and or common switches are 3850s running 03.07.04E. We have six PSNs, and two masters and loggers. Two of the PSNs are dedicated ...

ISE and User Certificates · 02-24-2017

We are using EAP-TLS as part of our AuthZ Rule set and I'm curious if there is a best practice method in dealing with a user certificate. I have a mixture of PCs and MACs. With my PCs, we are also using NAM, so EAP Chaining is available. EAP Chanin...

David Fitzgerald · 02-02-2017

I had opened a TAC case with this issue, and their recommendations as a work around leave a few things to be desired, so I thought I would throw this out there. On our 3850 switches, running 03.07.04E, we have aaa group server radius ISEserver name ...

David Fitzgerald · 05-01-2017

Sorry for the Correct Answer tag. I hit the wrong button, and couldn't figure out how to undo. We've gone as far as to bring up two PSNs specifically for wireless traffic, and the Wireless PSNs are much less busy than the wired PSNs, so it's not a l...

David Fitzgerald · 02-27-2017

There is a rather involved write up for this here. We're also considering the F5 as an option. In the mean time, I've determined that almost all of the Cisco background on 802.1X was written prior to CoA, and that the TAC still believes that a batch...

David Fitzgerald · 02-02-2017

It appears to be that CSCuy94702 affects 03.07.04E, and not just 03.06.03E.

David Fitzgerald · 02-02-2017

We figured it out... ip dhcp relay information option is enabled by default. Deleting it fixed our issue.

David Fitzgerald · 01-12-2017

This issue no longer affects me, as it was two jobs ago. As I recall, we did figure it all out, but the one issue was a matter of timing. If a external user connected to Expressway and then used the AnyConnect client to VPN in, some users complaine...

Member Since	‎03-27-2012 02:20 PM
Date Last Visited	‎08-18-2017 04:00 AM
Posts	77
Total Helpful Votes Received	5

User Statistics

User Activity

ISE v2.1 patch 3 issues

ISE and VLAN of Last resort

ISE & Guest Portals

ISE and User Certificates

ISE AAA load-balancing issues

Sorry for the Correct Answer

There is a rather involved

It appears to be that

We figured it out...

This issue no longer affects