Hi All, Any assistance would be greatly appreciated. I am sending radius auth logs to a Palo Alto for identity based policies. It works, but it seems every type of device sends the logs in a different manner for exampleUserName=DOMAIN\\isetestUserN...
Howdy,
I havent done an ISE deployment in a very long time, when thinking about it now, I have gotten myself stuck in a thought loop.
When minimizing SSID's, so a single SSID for all users except guests to connect to, how or even why is there a...
Hi,
We are running ISE 2.2 and have moved onto the posture stage.
The redirect works, the agent gets installed, there is some scanning done and the laptop passes compliance.
The NAC agent only seems to pick up Windows defender, I have tried to ma...
Hi,
I have an issue with CWA on the above mentioned devices.
The redirect seems to have issues, the debug on the WLC shows the redirect URL is being sent, but I get this
May 23 10:00:53.387: WA-HTTPD: [10.11.4.58 ] fd=4 HTTP Intercept, session no...
Howdy, So I have a small issue in my lab.I have setup H-VPLS with BGP autodiscovery. All cicruits are up, everything seems great. Problem is I only get 1 way traffic. From Test_A, I see the mac address from Test_B. I dont see the other way round. Ho...
Thanks for the quick reply. It kind of makes sense, but what if a client wants to use cert auth for everything. I get that you can do different things with the cert fields, but if the users are using a single SSID deployment, how is it possible to di...
Hi,
Thank you for the response, it seems as if there are no endpoints appearing in the posture assessement report.
I assume this means the agent is not able to get to the ISE even though it mentions posture succeeded.
The ISE shows device is com...
Hi,
I have included the debug to include the redirect
May 25 11:01:54.181: %IOSXE-7-PLATFORM: 1 process wcm: 2418.1d5b.c584 Posture or Central Web Auth client, start session on IOS after client moves to RUN stateMay 25 11:01:54.181: %IOSXE-7-PLA...
Hi,
This version of WLC software doesnt seem to have the COA under server groups -> Radius
With regards to the preauth ACL, I have utilized deny's for the DNS and ISE traffic and allow for http / https for redirection.
Should I not have the HTT...