About grabonlee

grabonlee · 03-03-2020

Hi I have upgraded to ISE 2.6 patch 4 and recently installed Patch 4 Hotfix. I noticed that a users in AD group for OWN_ACCOUNTS set to "Approve/View Only pending accounts assigned to this sponsor" don't see the approved guest account with One-Click ...

grabonlee · 03-03-2020

Hi,I have been able to change the Help link on the Sponsor Portal login and Account portal pages. However, I noticed that this change didn't affect the One-Click Approval page when the Sponsor clicks the Approve/Deny email. Under Portal > Manage & Ap...

grabonlee · 12-02-2019

My set up is foreign-anchor with ISE PSN for Guest in the DMZ. Replication/Sync is ok between the Admin node and Policy node in the DMZ. ISE version is 2.4 I am able to self-register and Sponsor approves. Guest then gets an Email, but is unable to lo...

grabonlee · 10-23-2017

Hello,I fully understand how ISE interface alias works for Portal services on non-Eth0. My question is regarding EAP Cert using Public CA. I will use the following scenario:ISE hostname = ise1.company.localEAP SAN = ise1-aaa.company.comInterface = Et...

grabonlee · 12-13-2015

Hi, I have noticed that when the Access Time allowed is set for a guest type, it doesn't automatically set the duration period in the Sponsor portal account creation page under the Access Information column. I find this strange and not intuitive. Thi...

grabonlee · 07-23-2020

Ok thanks very much.

grabonlee · 07-22-2020

Thanks for responding, given that the post is old. Based on what you said, I guess that the CN would be relevant if a public cert with no SAN is used, which I’ve mostly seen used for guest portal, but for private domain, a DNS for a “generic” CN isn’...

grabonlee · 07-22-2020

@Damien Miller CN=ise.mydomain.comSAN=ise.mydomain.comSAN=node1.mydomain.comSAN=node2.mydomain.comSAN=guestportal.mydomain.com Based on the example you gave above, can the CN=ise.mydomain.com be a DNS Alias for PSN1 and PSN2 instead of an A record? ...

grabonlee · 05-14-2020

Hi @lazuardinurfaiz15 The commands for AIREOS controller is different from IOS-XE controller, so I can't help you on that. I merely pointed what may be your issue, as it's same as I had with an IOS-XE controller. You can do a show telemetry on your W...

grabonlee · 05-14-2020

Hi @lazuardinurfaiz15 Are you using CA signed cert on the DNA and using self-signed on the WLC or are both devices using self-signed?The error you have is similar to an IOS-XE controller such as 9800. It's either a certificate trust issue or the devi...

Member Since	‎07-11-2011 04:25 AM
Date Last Visited	‎06-08-2021 11:48 AM
Posts	436
Total Helpful Votes Received	185

User Statistics

User Activity

One-Click approval does not work with the "Only accounts assigned to this sponsor" option

Change Help link in Cisco ISE One-Click Approval Portal

Cisco ISE Guest Authentication failed - No relevant Information

ISE Interface Alias and EAP Cert

Cisco ISE Guest Notification and Access Information disparity

Re: ISE Identity Certificate.

Re: ISE Identity Certificate.

Re: ISE Identity Certificate.

Re: Cisco DNA Center Assurance - Wireless

Re: Cisco DNA Center Assurance - Wireless