Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We are using 802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT) But I am currently struggling to find a solution when authenticator switch cannot reach configured RADIUS servers (Cisco ISE). I was reading 802.1x Aut...
When a clients connects to our wireless networks the endpoints shows up under Context Endpoints on ISE. Since we only have one controller but we have multiple remote office and we are using Flexconnect everyone who gets profiled the network device is...
If I am using 802.1x as my authentication I don't need to Active Directory probe right?
Here are my switch config
class-map type control subscriber match-all DOT1X_NO_RESP match method dot1x match result-type method dot1x agent-not-found
class...
I think this bug is hitting our ISE and we are not able to use AD-Join-Host-Point as one of authentication for host.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf55996
We are still in testing our Guest services that is directly connected to DMZ,
Employee laptop wireless to SSID Employee VLAN998 AP -> SW -> FW -> ISP1 -> Internet
Employee laptop wired to VLAN997 -> SW -> FW -> ISP1 -> Internet
Guest laptop wirele...
I am testing these "Define a Service-template that invokes the template to be enforced on AAA Server failure""Define the class, event and action under the subscriber policy-map to handle Critical authorization""To activate a local service template, w...
There is one AP right now that shows up on the context visibility. I don't understand why and how just suddenly showed up.
I did got this message that unknown NAD and this is not our WLC. So I started adding AP to the NAD devices on ISE but it ha...
I think this is similar to our deployment now. I have all new stack switches with 802.1x configured on all switchports and created a groups phase 1 just basically every switches on the new building so anyone connecting to these switches will grant ac...
Did you had to build your database for ISE to know all the endpoints? Like you had to do phase 1 pretty much have ISE to allow anything before creating your policy sets right?
That was my thought is dot1x first then mab. Your suggestion is to use different class control so it will match-all the dot1x first then after endpoints didn't match the dot1x control class the switch will trigger the next class control for MAB.
