About Martin Jelinek

Martin Jelinek · 12-03-2025

Hello everyoneDoes anyone has an experience with ISE (3.x) configuration related to 802.1x for wired clients connecting to network where identity lookup in AD shouldn't be done?We have some specific use case for clients who are issued with certificat...

Martin Jelinek · 09-24-2023

Hello.May I ask you if anyone knows what are the license requirements for successful migration from AnyConnect 4.x to Secure Client 5 from license point of view?As usual Cisco doesn't make it anyhow easy to understand and available Q&A section is qui...

Martin Jelinek · 10-14-2022

Hi all,Though someone might be able to give me some better understanding about CDO features. I thought to be impressed by CDO but during testing my "whoa" effect has not arrived (yet) about CDO and it's potential.... Maybe just in points:Is there a w...

Martin Jelinek · 09-27-2022

Hi all,I'd like to kindly ask you if you guys have any experience or even recommendation how to "modify"/"update" Wireless Guest portal running on ISE with additional login option for employees ideally "hidden" one.At the moment CWA is configured wit...

Martin Jelinek · 05-26-2022

Dear all Does anyone face an issue with calling API to create Guest wireless accounts with Cisco ISE (we are running version 2.6 with latest patch#9).There are brilliant articles and pretty straightforward from Cisco and even here on community:https:...

Martin Jelinek · 12-09-2025

I will be able to test hopefully next week, though SAN entry is natural choice as that is something our PKI is prepared for to specifically change for certain clients. Think I can use other certificate attribute like Certificate Template used which w...

Martin Jelinek · 12-04-2025

I can give a try, though this would be quite unfortunate as Windows 11 are by nature manage through EntraID and therefore are not part of internal domain ISE uses for identity lookups...That is the reason why we are looking into verification of the c...

Martin Jelinek · 12-03-2025

Hi, yes I have a client to test this policy with and I can always see in log details (steps) involving identity lookup which shouldn't be happening, to my understanding.Policy is quite simple.Policy matching criteria is based on Wired_802.1X using TL...

Martin Jelinek · 12-03-2025

I know ISE is a beast though I would normally expect in CAP to simply say "don't validate identity" to keep it simple, though not simple as that.

Martin Jelinek · 12-03-2025

Hi @Rob Ingram @Cristian Matei My CAP is configured as per attachment and there is no option to "exclude" such AD lookup as far as I can tell..However, even though I can see in log entries that processing is trying to query domain for an identity che...

Member Since	‎10-19-2012 01:13 AM
Date Last Visited	‎12-08-2025 02:30 PM
Posts	85
Total Helpful Votes Received	20

User Statistics

User Activity

ISE - 802.1x certificate authentication without identity lookup in AD

Cisco Secure Client 5 - migration guide from AnyConnect 4 on ASAv

CDO - feature and possibilities - understanding

ISE - Wireless Guest portal - allow AD based login to existing portal

ISE Sponsor Guest account creation API (ERS) with 401 – Unauthorized

Re: ISE - 802.1x certificate authentication without identity lookup in

Re: ISE - 802.1x certificate authentication without identity lookup in

Re: ISE - 802.1x certificate authentication without identity lookup in

Re: ISE - 802.1x certificate authentication without identity lookup in

Re: ISE - 802.1x certificate authentication without identity lookup in