Creating a BYOD policy using ISE and a WLC. I have everything working except I'm missing something with the FlexConnect ACL defined. In the attached example, the goal is to allow communication to the ISE servers (172.30.10.81/80) as well as DHCP/DNS ...
We have successfully deployed the TEAP policy using Cisco's documentation. The challenge seems to be that the Machine Compliant policy is the only hit we are getting. Never hits the Fully Compliant policy. Windows supplicant is provisioned as per ...
I have a DACL being applied allowing 445 access to an internal resource. Is there a way to allow the internal resource reverse access so it can access the restricted device on 445 as well?
Deploying ISE and trying to finalize some restrictions. It seems the DACL defined in ISE is not what the switch is applying to the port. Any ideas why the switch is changing the deny statements? ISE 3.1 (patch C1000-8FP-E-2G-L Here is what we have d...
We have a separate guest and BYOD portal group for wireless. We have CNA disabled for both networks due to the forwarding issue with Apple devices (well documented). Our issue is with our BYOD portal. When the user trying to register an iPhone/iPad...
I think I answered my own question? But I didn't realize FlexConnect ACLs were in both directions - so when the external traffic tried to come back in, if I didn't have the local subnet allowed, it would hit the deny statement and be blocked.
@Aref Alsouqi But wouldn't the "Any subject or Alternative Name.." checkbox cover that? And also - would I have to create two separate profiles - 1 for users and 1 for machines?
@Rob Ingram If I change the supplicant to be MSCHAP and the user types their credentials, I hit the "Fully Compliant" policy. With how ISE evaluates, would the policy care between cert based or password based?
EAP_Chaining uses the certificate auth profile referencing our domain certs then Active Directory. The cert profile looks in the subject or alternative name attribute.