Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hello,we increasingly rely on MACsec to encrypt our point-to-point WAN lines. The only question now is how a packet capture for analysis can be performed on the encrypted lines.Until now, the data of the WAN lines ran through permanently installed TA...
In the last days I have been working with the guest portals of the Cisco ISE (v2.1.0). My result: "Broken By Design".
We are currently using Local Web Authentication (Layer 3 Auth) on the Cisco WLC. The WLC forwards the username/password by radius ...
We are currently switching our Cisco phones to new call manager, for this it is necessary for some phones to have separate DHCP options.Therefore I would like to move the individual phones by MAC address groups in a separate voice VLAN.As described h...
Hello,we plan to use dynamic vlan with cisco switches (IOS Version 15.2.x) and cisco ISE (2.1.0), this works so far.For the error case, I would like to set the dead action vlan dynamically.The only possibility I know is the AutoSmartPort feature on t...
I would like to allow the access to a sponsor portal only for certain AD groups, is this possible?I have already created a sponsor group with the necessary ad groups, but I find no way to allow only this sponsor group for the login at the sponsor por...
After reading the description, I still think that Cisco didn't give enough thought to implementing CWA portals, otherwise I can't explain this catastrophic implantation. I cannot send "ordinary users" (who have no idea of technology) through a comple...
I want to do exactly this, I want to authenticate external employees with AD accounts using the AD Group to bring their private devices into our Internet WLAN. Only the members of one AD Group should get access, all others should get an error messag...
I use this for mac ec8e.b567.d0c0 Authentication PolicyTEST1: if RADIUS:Calling-Station-ID STARTS WITH ec:8e:b5 (type MAC adress) use Internal Endpoints Authorization PolicyTEST1: if RADIUS:Calling-Station-ID STARTS WITH ec:8e:b5 (type MAC adress)...
We have ADs with more than 10.000 users and it is not desired to move users within OUs, only AD groups work
Therefore I had the idea with a LDAP proxy. In the LDAP Proxy only the desired AD groups are deposited and the ISE receives a deny from the ...
