I installed AnyConnect 3.1.04063 on a win7 box. It's set up with two admin-defined wired network profiles: One for EAP-TLS machine auth and one for unauthenticated access. The EAP-TLS authenticated just fine when connected to a corporate-owned switch,...
http://www.cisco.com/en/US/ts/fn/636/fn63635.html I have an ISE system which was affected by this issue; after a save the auth rules were in a jumble. Does a simple reorder and save sort everything out, or is TAC intervention actually required? As a qui...
I have a standalone ISE, running at 1.1.4.218. I am attempting to upload/install the patch bundle, and nothing appears to happen. Under patch management, I see "no data available". In the Operations Audit reports, there is no record of a patch install...
Seeing a weird thing, wondering if someone else has seen it before I run to TAC. There are two Win7 SP1 PCs (A & B), plugged in to a 3750-x (v12.2-58-SE2), on ports 33 and 41. The ports are configured for 802.1x, auth order of MAB then Dot1x. Priority...
Is there a way to differentiate based on certificate issuer or CA on ISE? I have a set of devices that I want to get authorization profile A if they authenticate via EAP-TLS using certificates from CA-1, and profile B if the cert is from CA-2. Is thi...
Edit: Found it. Connection timeout for the 802.1X wired network must be less than startPeriod * maxStart if the intended behavior is to fail to another network in the list. Hooray for RTFM!
Best way would be to run a MS CA, use GPO to push certs to the computers and set up the local supplicant (again via GPO) to use EAP TLS. It's not bad if you're all Win7. If you have some XP machines, a separate policy will be required. We did this and...