Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About jasonjones233
Stats
Member since
01-15-2007
117
Posts
1
Helpful
2
Solutions
Created by
jasonjones233
in Network Access Control
in Network Access Control
03-27-2020
03:33 AM
03-27-2020
03:33 AM
Hi Greg, Is the below necessary? Use Explicit UPN To reduce ambiguity when matching user information against Active Directory's User-Principal-Name (UPN) attributes, you must configure Active Directory to use Explicit UPN. Using Implicit UPN can produce ambiguous results if two users have the same value for sAMAccountName. To set Explicit UPN in Active Directory, open the Advanced Tuning page, and set the attribute REGISTRY.Services\lsass\Parameters\Providers\ActiveDirectory\UseExplicitUPN to 1.
... View more
Created by
jasonjones233
in Network Access Control
in Network Access Control
03-26-2020
04:04 AM
03-26-2020
04:04 AM
Hi All, Receiving an authentication error in ISE (2.x) relating to user certificate ambiguity. Setup - AD Join connector configured for user and machine in several domains. Clients - Win 10 - EAP-TLS for machine and user network access. Issue: Single domain user account in DomainA or DomainB works fine, but when trying to auth a client with identical user accounts in DomainA&DomainB authentication is rejected due to multiple matching records "resolve certificate identity ambiguity using certificates match". Question - How to accommodate a user in multiple domains for authentication? Cheers,
... View more
- Tags:
- ise
Labels:
Created by
jasonjones233
in Wireless Security and Network Management
in Wireless Security and Network Management
03-18-2020
05:51 AM
03-18-2020
05:51 AM
Turned out to be a known BUG - Patch fixed issue, thanks for the reply.
... View more
Created by
jasonjones233
in Wireless Security and Network Management
in Wireless Security and Network Management
03-11-2020
04:41 AM
03-11-2020
04:41 AM
Hi All, Having issues joining a 5520 WLC(SSO) into an ISE 2.6 (CTS) environment, for some reason the WLC can not retrieve environmental data or SGT info. Latest version of code running on the WLC. Looks to be related to CoA not being excepted by the WLC from ISE? Using 9500/9200 switch platform environment and these work fine with CTS. Cheers!
... View more
12-18-2019
05:28 AM
Hi Reza, As I suspected! Code version 16.9.4 and below does not support the SVL feature. TAC engineer recommended 16.12.2 as a minimum due to the switches being the high performance models utilising different ASIC's. Trying this now to ascertain if this actually works. Not sure where you got your info from? Thanks anyway for the reply. Jay
... View more
12-13-2019
05:40 AM
Hi All, Trying to install code cat9k_iosxe.16.09.04.SPA.bin (MD) on to the switch, getting an error: Any ideas please as I have tried several times and the error is the same. Error from cli: Switch#install add file flash:cat9k_iosxe.16.09.04.SPA.bin activate commit install_add_activate_commit: START Fri Dec 13 12:54:18 UTC 2019 install_add_activate_commit: Adding PACKAGE install_add_activate_commit: Checking whether new add is allowed .... FAILED: install_add_activate_commit : Super package already added. Add operation not allowed. 'install remove inactive' can be used to discard added packages Switch#
... View more
Labels:
12-11-2019
09:27 AM
Hi Reza, The link to the doc tells me how to configure SVL, my question was are the 9500 high performance switches able to support SVL. I only ask as because the release notes say not supported. Cheers,
... View more
12-11-2019
07:13 AM
Hi All, Does the high performance Cisco 9500 switches (C9500-48Y4C) support SVL? Cisco IOS XE Fuji 16.9.x Unsupported Features—Cisco Catalyst 9500 Series Switches - High Performance Cisco Application Visibility and Control (AVC) High Availability—Cisco Stackwise Virtual, Stateful Switchover (SSO), In Service Software Upgrade (ISSU), Nonstop Forwarding (NSF) (Enhanced Interior Gateway Routing Protocol (EIGRP) NSF and Open Shortest Path First (OSPF) NSF, NSF support for IPv6, NSF Awareness (BGP, EIGRP, OSPF)) MPLS Label Distribution Protocol (MPLS LDP) VRF-Aware Static Labels Next Generation Network-Based Application Recognition (NBAR) and Next Generation NBAR (NBAR2) QoS Options on GRE Tunnel Interfaces Thanks in advance for any replies.
... View more
Labels:
Created by
jasonjones233
in Wireless Security and Network Management
in Wireless Security and Network Management
10-08-2019
05:19 AM
10-08-2019
05:19 AM
Hi Rasika, Many thanks for the reply, just to confirm the TrustSec solution: Components: ISE, 9500, 9200, 5520. That dynamic vlan assignment is feasible using in-line SGT features having a consistent vlan (IP Subnet) model assigned for all users irrespective of their location or the connection method used (Wired or Wireless). E.G. HR - VLAN 10 - SGT 10 (wired and wireless) R&D - VLAN 20 - SGT 20 (wired and wirless) VIP Corp - VLAN 30 - SGT 30 (wired and wireless) Appreciate the support.
... View more
Created by
jasonjones233
in Wireless Security and Network Management
in Wireless Security and Network Management
10-07-2019
10:00 AM
10-07-2019
10:00 AM
Hi All, Please help - Need verification that the WLC 5520 can do SGT in parallel with dynamic VLAN assignment. Cheers,
... View more
10-18-2018
04:55 AM
Hi All,
Is Cisco LR (as opposed to SR) fibre SFP's recommended for virtual stacking switches together?
Do I need to use single mode fibre or will multi work.
Cheers,
Jay
... View more
Labels:
Created by
jasonjones233
in Network Access Control
in Network Access Control
09-24-2018
09:01 AM
09-24-2018
09:01 AM
Hi gbekmezi-DD,
Appreciate the response, this is more of an upgrade than scaling out. All personas are active and there are only 2 appliances.
So I expect to be backing up ver 2.0 then restoring on ver 2.4 (If possible).
Cheers, Jay
... View more
Created by
jasonjones233
in Network Access Control
in Network Access Control
09-24-2018
08:09 AM
09-24-2018
08:09 AM
Hi Community,
Looking for some up-to-date documentation on how to migrate from a ISE appliance to a virtual ISE instance.
Looking for any gotchas regarding licensing etc. Or is this just a backup and restore task? Or would it be easier to build the platform and then transpose configuration manually?
Any help would be appreciated.
... View more
Labels:
Created by
jasonjones233
in Network Access Control
in Network Access Control
04-09-2018
05:41 AM
04-09-2018
05:41 AM
Hi All,
Any suggestions on how to sync my Primary monitoring PSN? For some reason this PSN will not sync even with a manual "Syncup" action.
is it recommended to deregister then register?
Monitor PSN 02 (Secondary) is working fine.
Cheers,
Jay
... View more
Labels:
03-22-2018
05:16 AM
Hi Paul,
Thanks for the reply, as stated in the initial post. CPU usage is not the issue its more memory usage and why it seems to be creeping up that's of concern, I was under the impression that the PAN and SAN would be utilised in a similar manner. In my case the PAN is at 62% memory utilisation and the SAN is 20% memory utilisation.
Do you think this my be a direct result of a memory leak problem?
Cheers,
Jay
... View more
Created by
jasonjones233
in Network Access Control
03-27-2020
03-27-2020
Hi Greg,Is the below necessary?Use Explicit UPNTo reduce ambiguity when
matching user information ag...
Created by
jasonjones233
in Network Access Control
03-26-2020
03-26-2020
Hi All,Receiving an authentication error in ISE (2.x) relating to user
certificate ambiguity.Setup -...
Created by
jasonjones233
in Wireless Security and Network Management
03-18-2020
03-18-2020
Turned out to be a known BUG - Patch fixed issue, thanks for the reply.
03-11-2020
Hi All, Having issues joining a 5520 WLC(SSO) into an ISE 2.6 (CTS)
environment, for some reason the...
12-18-2019
Hi Reza, As I suspected! Code version 16.9.4 and below does not support
the SVL feature.TAC engineer...
12-13-2019
Hi All, Trying to install code cat9k_iosxe.16.09.04.SPA.bin (MD) on to
the switch, getting an error:...
12-11-2019
Hi Reza, The link to the doc tells me how to configure SVL, my question
was are the 9500 high perfor...
12-11-2019
Hi All, Does the high performance Cisco 9500 switches (C9500-48Y4C)
support SVL? Cisco IOS XE Fuji 1...
10-08-2019
Hi Rasika, Many thanks for the reply, just to confirm the TrustSec
solution:Components: ISE, 9500, 9...
10-07-2019
Hi All,Please help - Need verification that the WLC 5520 can do SGT in
parallel with dynamic VLAN as...
10-18-2018
Hi All, Is Cisco LR (as opposed to SR) fibre SFP's recommended for
virtual stacking switches togethe...
Created by
jasonjones233
in Network Access Control
09-24-2018
09-24-2018
Hi gbekmezi-DD, Appreciate the response, this is more of an upgrade than
scaling out. All personas a...
Created by
jasonjones233
in Network Access Control
09-24-2018
09-24-2018
Hi Community, Looking for some up-to-date documentation on how to
migrate from a ISE appliance to a ...
Created by
jasonjones233
in Network Access Control
04-09-2018
04-09-2018
Hi All, Any suggestions on how to sync my Primary monitoring PSN? For
some reason this PSN will not ...
Public Statistics
| Date Registered | 01-15-2007 12:40 PM |
| Date Last Visited | 04-02-2020 04:35 AM |
| Total Messages Posted | 117 |
| Total Helpful Votes Received | 1 |
.jpg "Hall of Fame Guru"){kind=icon}
.jpg "VIP Mentor"){kind=icon}
