Team - we are having issue with our guest ISE portal for apple devices.Once the device passes successfully captive portal authentication, the cancel button on the top right does not change to Done.When we change our redirect ACL to permit all, it wor...
Team, below is my current deployment: ISE1 : Admin and MnT personas SEC(A), PRI(M)ISE2 : Admin and MnT personas PRI(A), SEC(M)2 PSNs. In preparation of ISE upgrade from 2.3 to 2.7, I would like to promote ISE1 primary, ISE2 Secondary in order to star...
The switch port configs looks good to me, it will failover to mab AuthC after dot1x Authc attempts expire.I guess you created an Endpoint Identity Group list "Printer", and added the MAC Address statically in there.Your Wired policy set rule for your...
@m.humbert - Yes. Like @Rob Ingram said, you can list those in a group and used the group name in your aaa statements. The first in the list is the active one; if down, the switch try the next and so on.On some platforms, it could look like this: s...
I believe I ended up using below ACL on the WLC side just like Arne Bier advised: deny any any udp eq domaindeny any any udp eq domaindeny any PSN ipdeny PSN any ippermit any any ip I would suggest to focus a bit more on the iOS Captive Network Assis...
That did not work.The ACL was working just fine on 5500 WLC but seems like we need more readjustments on 9800 WLC. Tried 3 different ACL scenarios on 9800 WLC: 1 -deny any any Works great for all devices 2 -deny DNSdeny PSN IPspermit any anyDevices ...
