Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Users connect to wifi and and auth'd against LDAP and assigned a VLAN based on LDAP info UNLESS they are on a mobile device. In that case they're assigned to a "mobile" VLAN for all the personal phones, tablets, etc.
This is working great except that...
Just rolled out .1x for employees and the very next week someone brings in a contractor. They're not in LDAP so I'm planning to creating a user internal to ISE but I'd like to set a date limit on their access rather than trust someone to come back a...
NAT question on 2801 with IOS 12.3:I need three internal addresses to NAT to one external IP for outbound traffic but for inbound traffic I'd like that same external IP to map to one of the internal IPs.Example:Outbound - Internal 10.10.10.10, .11, ....
We recently upgraded from LMS 2.1 to 2.5 and I've been severely disappointed. We've wanted to use CiscoWork to manage inventory, IOS and configuration for about 400 devices. Between the extremely annoying interface and the hit-and-miss operation of ...
In LMS 2.1 RME kept a text version of the config file with a human readable name in the directory D:/Progra~1/CSCOpx/files/archive/shadow/. There's no such directory for LMS 2.5 and I'm hoping they've just moved it rather than doing away with it. Doe...
We're using LDAP but not AD.
My rule 1 matches on the device being in the Mobile-Device LogicalProfile. I suppose I could override that with a particular LDAP group but our LDAP implementation isn't exactly easy to work with and I'm not the admin so...
Solved my own problem again.
Looking at an endpoint debug shows the IdentityGroup is empty so that explains why I can't match it.
Looking for other options I found I could build the following condition:
Radius:Calling-Station-ID NOT Equals BYPASSMAC1...
