Hi,
I'd like to confirm if ISE profiling work well with accounting (without authentication) traffic from device sensor enabled WLC.
Under customer POV, we can change accounting configuration on existing WLC but its authentication have to be done by o...
Hi,
Does ISE support expired password change feature via AnyConnect VPN connection for internal user (not AD/LDAP) ?
https://www.cisco.com/c/en/us/support/docs/network-management/remote-access/116757-config-asa-remote-00.html#anc8
Best Regards,
Kao...
Hi,
Customer requirement is EAP-TLS authentication with CN matching via ISE internal user DB.
I have tested that ISE 1.x works with below authorization condition.
InternalUser:IdentityGroup EQUALS User Identity Groups:XYZ
Is this condition still...
Hi,
In ISE 2.4, can we send internal user password expiry notification to user, if user mail account and SMTP server is configured appropriately?
If yes, is this email text configurable? I can't find any related setting so far.
Best Regards,
Kaori
I found the answer from the link you shared. It says "Device Sensor can be deployed across wired access switches and wireless controllers for both RADIUS-authenticated environments and other types of deployments such as a pre-ISE discovery phase." So...
Thank you for comment. We're checking the other probe possibility but would like to understand if WLC accounting is one of the solution or not. Do you mean accounting only won't work?
Thank you Hsing-Tsu.
From attached customer log, Identity Group is categorized as "Profiled" only and no information about user groups.
Can I check more details with any debug logs?
As this customer is under evaluation, I'd like to investigate as fa...
Thank you Jason and sorry for that. I'm checking this configuration in my lab.
Update:
It works well with "change password on next login", but not with password expiry because of account disable.
It seems ACS-RESERVED-Never-Expired attribute is no...