About ChristianBur

ChristianBur · 10-09-2019

Hello,we increasingly rely on MACsec to encrypt our point-to-point WAN lines. The only question now is how a packet capture for analysis can be performed on the encrypted lines.Until now, the data of the WAN lines ran through permanently installed TA...

ChristianBur · 09-19-2018

In the last days I have been working with the guest portals of the Cisco ISE (v2.1.0). My result: "Broken By Design". We are currently using Local Web Authentication (Layer 3 Auth) on the Cisco WLC. The WLC forwards the username/password by radius ...

ChristianBur · 12-14-2017

We are currently switching our Cisco phones to new call manager, for this it is necessary for some phones to have separate DHCP options.Therefore I would like to move the individual phones by MAC address groups in a separate voice VLAN.As described h...

ChristianBur · 08-24-2017

Hello,we plan to use dynamic vlan with cisco switches (IOS Version 15.2.x) and cisco ISE (2.1.0), this works so far.For the error case, I would like to set the dead action vlan dynamically.The only possibility I know is the AutoSmartPort feature on t...

ChristianBur · 07-12-2017

I would like to allow the access to a sponsor portal only for certain AD groups, is this possible?I have already created a sponsor group with the necessary ad groups, but I find no way to allow only this sponsor group for the login at the sponsor por...

ChristianBur · 01-15-2019

After reading the description, I still think that Cisco didn't give enough thought to implementing CWA portals, otherwise I can't explain this catastrophic implantation. I cannot send "ordinary users" (who have no idea of technology) through a comple...

ChristianBur · 01-15-2019

https://community.cisco.com/t5/other-security-subjects/is-possible-to-use-cwa-chaining-with-mab-authentication/m-p/3779687#M148685

ChristianBur · 01-14-2019

I want to do exactly this, I want to authenticate external employees with AD accounts using the AD Group to bring their private devices into our Internet WLAN. Only the members of one AD Group should get access, all others should get an error messag...

ChristianBur · 12-20-2018

I use this for mac ec8e.b567.d0c0 Authentication PolicyTEST1: if RADIUS:Calling-Station-ID STARTS WITH ec:8e:b5 (type MAC adress) use Internal Endpoints Authorization PolicyTEST1: if RADIUS:Calling-Station-ID STARTS WITH ec:8e:b5 (type MAC adress)...

ChristianBur · 10-29-2018

We have ADs with more than 10.000 users and it is not desired to move users within OUs, only AD groups work :-/ Therefore I had the idea with a LDAP proxy. In the LDAP Proxy only the desired AD groups are deposited and the ISE receives a deny from th...

Member Since	‎07-12-2017 04:47 AM
Date Last Visited	‎11-03-2019 11:44 PM
Posts	21
Total Helpful Votes Received	13

User Statistics

User Activity

Packet Capture‎ with MACSec/802.1AE

Cisco ISE CWA (Guest Portal) Authentication -> Broken By Design

EAP-TLS Auth combine with mac-address-group (EAP-TLS and MAB)

parameter AutoSmartPort, dynamic dead action vlan

Access to sponsor portal only for certain AD groups

Re: Is possible to use CWA Chaining with MAB authentication?

Re: Cisco ISE CWA (Guest Portal) - Broken By Design

Re: Is possible to use CWA Chaining with MAB authentication?

Re: Great !! Glad to hear its

Re: Cisco ISE CWA (Guest Portal) - Broken By Design