ISE and non-802.1x devices

Hi,
I am looking for some input about how to profile and authorize non-802.1x devices. These devices are mostly barcode scanners connecting wireless with WPA/2. I am not sure how to authenticate them in ISE.
We have two scenarios.
1) LAP/WLC with several SSID/VLAN where the devices authenticate with WPA/2.
2) Autonomous AP with several SSID/VLAN where the devices authenticate with WPA/2.
There is a possibility to authenticate them on OUI, but I would like to have at least another condition. Is it possible to use the WPA PSK?
For the second scenario: is it possible to use autonomous AP and ISE? Barcode scanners need to go to one VLAN and other non-802.1x devices to another. My guess is that the config should be somewhat similar to a switch, regarding AAA/RADIUS.
Has anyone set up ISE with non-802.1x devices? What/How did you do?
Regards
Philip

I've quickly tried to authenticate against ISE with Autonomous AP
No luck, maybe there is a work around but haven't tried as hard or there might not be:
Failure Reason > Authentication Failure Code Lookup
Failure Reason :
11036 The Message-Authenticator RADIUS attribute is invalid
Generated on:November 14, 2012 11:11:46 AM CST
Description
The Message-Authenticator RADIUS attribute is invalid. This maybe because of mismatched Shared Secrets.
Resolution Steps
Check whether the Shared Secrets on the AAA Client and ISE Server, match. Ensure that the AAA Client and the network device, have no hardware problems or problems with RADIUS compatibility. Also ensure that the network that connects the device to the ISE, has no hardware problems.
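
Failure 11036 above points at the RADIUS shared secret. The following is an added example, not part of the original posts and not Cisco code: it computes the Message-Authenticator attribute as RFC 2869 defines it (HMAC-MD5 over the whole Access-Request, keyed with the shared secret, with the attribute value zeroed) and shows the server-side check failing when the secret on the AP differs from the one on the server. The secrets, MAC address and NAS IP are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_MESSAGE_AUTHENTICATOR = 80
ZERO16 = b"\x00" * 16


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute: Type (1 byte), Length (1 byte, includes header), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret: bytes, identifier: int, attrs) -> bytes:
    """Build an Access-Request whose last attribute is Message-Authenticator."""
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    body += encode_attr(ATTR_MESSAGE_AUTHENTICATOR, ZERO16)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    packet = header + os.urandom(16) + body  # 16-byte Request Authenticator
    # HMAC-MD5 over the whole packet with the attribute value zeroed.
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac


def verify_message_authenticator(secret: bytes, packet: bytes) -> bool:
    """Server-side check: recompute the HMAC with the locally configured secret."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False
    zeroed = bytearray(packet)
    received = None
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False  # malformed attribute
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                return False
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = ZERO16
        pos += attr_len
    if received is None or pos != length:
        return False
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


def demo():
    # Constructed sample values: a MAB-style request from an AP at 192.0.2.10.
    ap_secret = b"secret-typed-on-the-ap"
    request = build_access_request(ap_secret, 7, [
        (ATTR_USER_NAME, b"001122334455"),
        (ATTR_NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),
    ])
    return {
        "same_secret": verify_message_authenticator(ap_secret, request),
        "mismatched_secret": verify_message_authenticator(b"secret-typed-in-ise", request),
    }


if __name__ == "__main__":
    print(demo())
```

Because the HMAC covers every byte of the request, a single mistyped character or trailing space in the secret on either side produces the same failure as a completely different secret.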

Similar Messages

  • Find my iPhone has reset and none of my devices are listed; is this because I have an old Iphone4? And can I set all my devices back up again? And how do I set my devices back up?

    You can not merge accounts.
    Apps are tied to the Apple ID used to download them, you can not transfer them.

  • ISE and non-auth Guest

    Hi,
    Using WLC and ISE, is it possible to simply present Guest users with an AUP (without having to do any kind of authentication) before granting them Internet access..? Would this be done using Web Passthrough on the WLC or modifying a Portal template on the ISE so that it does not contain a Login page?? Any advice welcome.
    Cheers,
    Santi

    You can customize the guest login portal page:
    To support a fully-customized guest portal, you must provide a minimum set of HTML pages based on the features you want to support:
    Login Page—Required
    Successful Guest Login Page—Required
    Error Page—Required
    Acceptable Use Policy Page—Required only if you require guests to acknowledge an acceptable use policy.
    Change Password Page—Required only if you require guests to change their passwords when signing in for the first time.
    Self-Registration Page—Required only if you allow guests to create their own accounts (self service).
    Self-Registration Result Page—Required only if you allow guests to create their own accounts (self service).
    Device Registration Page—Required if you are supporting device registration for guest users.

  • ICloud and non iOS 5 devices

    My Wife has an older iPhone and I have an earlier iTouch that will not update to iOS 5. What will happen if I launch iCloud? Will the two older devices still get email and messages?

    Maybe we're talking past each other, or my forum searching capabilities stink.  I'm not finding the workaround solutions you reference. 
    Is the consensus from others that, despite the fact that Apple advertises this as a current feature, it really isn't?

  • Non CISCO unknown devices are being discovered in LMS

    Hi!
    I have had no problem with discovery which was used on cdp basis so far.
    Now the CDP packets do not arrive via the new MPLS backbone network. I have to use the "ping sweep feature in IP range" feature. I had to enter more than 400 subnets from a file because there are more than 400 branches. ( etc. 10.31-9.1-50.252 255.255.255.252 )
    I have experienced two problems:
    1. The discovery never ends ( now this is not important ) :-)
    2. Common Services -- Device Management shows discovered unknown devices whose IP addresses are outside the range that I entered in the ping sweep range, and their OID is not Cisco.
    (  1.3.6.1.4.1.2001.1.1.1.1  ,  1.3.6.1.4.1.11.2.3.9.1  ,  1.3.6.1.4.1.674.10892.2  , 1.3.6.1.4.1.18334.1.1.1.2.1.7.1.2 and even more )
    Due to more than 300 unknown devices, the LMS device number is beyond the license number!!!!!
    Our questions:
    Why does LMS add the unknown devices ( non-Cisco devices ) to the inventory?
    How could LMS discover these devices??? ( Their IPs are out of the ping sweep range and they are non-CDP-capable devices )
    Thanks in advance!

    Thank you!
    The unknown devices were in an unreachable state and they were added to DCR.
    I don't use the include or exclude filters that were referred to by the bug.
    In spite of the fact that I use a seed device list from a file, the LMS ping sweep debug log shows that LMS tries to ping other IP addresses!!!!
    You're right, it is not normal operation; maybe TAC will be needed to solve it.
    ( Who tested it? )
    Regards,

  • I have a 3rd generation iPod that will not connect. I keep getting an error message that says "USB Device Not Recognized".  I have tried 3 separate cables and none of them are working.  Please help!

    It keeps telling me that one of the USB devices for this computer has malfunctioned and windows does not recognize it.  I have tried all of the ports and still am not having any luck.  I have purchased 3 brand new cables and none of them are working.  I have tried to update the driver but it says I am using the most up to date.  I have tried to reset the Ipod by holding the center button and menu button until the apple appears.  I am not sure what else to try.  Any help would be greatly appreciated.  My computer is Windows Vista!

    Hello butterflygirlie,
    Have you tried uninstalling the driver for your iPod from within Device Manager?  After uninstalling it, go ahead and unplug your iPod and plug it back in.  Doing so should cause your system to locate the proper driver for it.
    B-rock

  • Hello iPhone users, I have a situation here. I have an iPhone 4G that 2 days ago displayed the black screen with the Apple logo. I've done the recovery mode over and over on different PCs (Windows, Mac) and none seem to acknowledge the device. What to do???

    Hello everyone, as I have stated above, I have an iPhone 4G, relatively new, just 3 months of use. I've never dropped it, nor got it wet. The problem is that the screen just one day went black and displays the Apple logo. When I do the recovery mode every way possible, the screen shows the iTunes link but the PC doesn't acknowledge it. I've tried on many PCs (Windows and Mac) and none respond because the device is not shown in iTunes; it just says "driver not found".
    please what to do???

    Call Apple Customer Relations - 1-800-275-2273.  Ask politely & firmly that you want to be transferred to Customer Relations.  Tell them exactly what you stated in your post.
    GOOD LUCK!
    These are user-to-user forums where everyday folk (volunteers) post questions and offer answers (technical support) to each other.  

  • ISE and 802.1x - Retrieve User Cert from AD for Auth without it being in the Personal Store?

    Hello,
    We are implementing 802.1x EAP-TLS wired at the moment with Cisco ISE, and wireless is to come after that, along with our internal PKI.  I set up the PKI, and our network engineer is setting up the ISE.  We currently have it set to first authenticate the computers with a computer certificate (allowing access to AD, among some other things), and then further authenticate the users with user certificates.
    I don't have much knowledge of Cisco ISE, and plan to learn as we go, but I'm wondering:
    Is it possible to authenticate the computer via the computer certificate, getting access to AD, and then have the ISE check AD for the User certificate INSTEAD of the User certificate being in the local Personal store of the client computer?  We have autoenrollment going for user certificates, but it seems to be cumbersome (in thought) that once 802.1x is enabled, a new computer/employee coming on the network has to first go to an unauthenticated port to be able to download the User certificate in the Personal store, before then being able to use an 802.1x port?
    I guess that makes two questions:
    1) Can ISE pull the user cert from AD, without needing it in the local Personal store?
    2) What's the easiest way to handle new computers/users that don't already have the User cert in their local Personal store once 802.1x is enabled?

    1) No
    2) Use EAP-Chaining with EAP-TLS and PEAP
    For this scenario, I would go with Cisco AnyConnect NAM, and then use EAP-Chaining, with EAP-TLS for machine auth, and then PEAP for user authentication. This way you can make sure that both the machine and the user are authenticated, and more importantly, that a user cannot get on the network with their user identity only and no machine identity. Using Windows' own supplicant for this gives no guarantee that the user has logged in from an authenticated machine. The feature that used to be used for this before EAP-Chaining was introduced is called MAR, and has many problems, making it almost useless in a corporate environment. Security-wise, the PEAP-MSCHAPv2 is tunneled in EAP-FAST and does not have the same security issues as regular PEAP.

  • Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?

    I'm trying to follow the TrustSec 2.1 guide on IP Phones into LowImpact mode.
    I can get a PC on its own to authenticate via dot1x/tls
    I can get a Cisco IP Phone on its own to authenticate via MAB.
    When the two are on the same switchport, the phone will authenticate but not the PC.  ISE logs EAP timeouts.
    The switchport has the LowImpact port ACL of
    ip access-group ACL-DEFAULT in
    The IP Phone gets a dACL that allows it ok.
    I assume MAB phone and dot1x PC is supported?  Any ideas?
    Thanks in advance.

    The ISE log detailed steps are as follows:
    Steps
    11001  Received RADIUS Access-Request
    11017  RADIUS created a new session
    Evaluating Service Selection Policy
    15048  Queried PIP
    15048  Queried PIP
    15004  Matched rule
    11507  Extracted EAP-Response/Identity
    12300  Prepared EAP-Request proposing PEAP with challenge
    12625  Valid EAP-Key-Name attribute received
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12501  Extracted EAP-Response/NAK requesting to use EAP-TLS instead
    12500  Prepared EAP-Request proposing EAP-TLS with challenge
    12625  Valid EAP-Key-Name attribute received
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12502  Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
    12800  Extracted first TLS record; TLS handshake started
    12805  Extracted TLS ClientHello message
    12806  Prepared TLS ServerHello message
    12807  Prepared TLS Certificate message
    12809  Prepared TLS CertificateRequest message
    12505  Prepared EAP-Request with another EAP-TLS challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12504  Extracted EAP-Response containing EAP-TLS challenge-response
    12505  Prepared EAP-Request with another EAP-TLS challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12504  Extracted EAP-Response containing EAP-TLS challenge-response
    12505  Prepared EAP-Request with another EAP-TLS challenge
    11006  Returned RADIUS Access-Challenge
    5411  No response received during 120 seconds on last EAP message sent to the client

  • Contacts and Calendar with iCloud and non-iCloud devices

    I have a mix of non-iCloud and iCloud devices and macs, both at work and at home. Calendar has continued to sync correctly between all devices, however contacts is definitely not syncing between iCloud and non-iCloud devices. Bookmarks are also not coming across from iCloud devices to non-iCloud macs. Mail is working fine. I'm surprised that there is such variation in core apps. I would have expected iCal and Address Book to both work (or not work), but this seems not to be the case.
    Keen to know if this is the norm for other users of mixed environments?

    I have a Macbook. Mac OS X 10.5.8. And an iPhone 4, as well as an iPad 2 - both on iOS 5.
    There is a really really annoying and silly issue with syncing contacts and calendars across my Mac using iTunes (cable) and the iCloud options when my Mac does not support iCloud.
    When I create / amend a contact or an event on my iOS device, if I choose (or more likely than not, the default option) "iCloud" for my contacts / calendar, the creation or amendment does NOT appear in my MAC even when syncing over cable with iTunes.
    I have to choose ONE to edit - either the iCloud version OR the "from my Mac" version.
    This is extremely annoying and silly - so much for Apple's seamless integration of products.
    Of course, the easiest way out (and I am assuming Apple's preferred option) is to
    (1) get a new Macbook Pro / Air that has OS X Lion which has iCloud inbuilt. - but that is just wasteful as my Macbook is still running flawlessly. (until now)
    Or to do the unthinkable and tinker with electronics when you are totally clueless (like I am) and to
    (2) upgrade to Snow Leopard and then to Lion - yeah right... have you friggin read those reviews?!?!
    Is Apple intending to solve these issues for the non iCloud / iCloud group of users and make the Apple experience better again?
    Or just because the company is doing great financially, and selling more products more than ever, and yet still have huge huge markets to conquer, gonna just ignore the above issues and just wait for our patience to wear thin, and do (1) - buy yet another new product.
    OR we could switch to android and samsung and PCs and what have yous... please do not make us make this choice!!!

  • TS4425 hmmm. I haven't got that notification. I use an iPhone 4 and a 2nd gen iPad, but none of the devices let me accept the conditions. So I can't use Photo Stream on my Apple TV 2nd gen.

    I've got a problem using Photo Stream on my Apple TV, because iCloud said that something had changed. I would have to accept the terms, but I haven't got that notification. I use an iPhone 4 and a 2nd gen iPad, but none of the devices let me accept the conditions. So I can't use Photo Stream on my Apple TV 2nd gen.

  • My entire iTunes library is missing on my two non-Apple computers. My libraries still exist on my iPad and iPhone though. I tried deauthorizing and then reauthorizing my devices, uninstalling and then reinstalling iTunes and nothing works. What happened?

    See Empty/corrupt iTunes library after upgrade/crash or
    Recover your iTunes library from your iPod or iOS device.
    tt2

  • Is it legal to convert the music files, which I have purchased in recent months, to the mp3 format and burn them on to a CD so that they can be played on non-apple music devices that do not support the M4A format?

    Hi,
    This is what apple says about converting files http://support.apple.com/kb/PH12167
    Jim

  • Is it legal to convert the music files, which I have purchased in recent months, to the mp3 format and burn them on to a CD so that they can be played in non-Apple music devices that don't support the M4A format?

    Yes, of course it is legal.
    To convert the format, follow one of these documents:
    iTunes 11 for Windows: Save a copy of a song in a new file format
    iTunes 11 for Mac: Save a copy of a song in a new file format
    Also note that you have the option of buying your files in MP3 format in the first place, from Amazon MP3 or other online retailers.  MP3 files will work in iTunes as well as virtually every other player, program, and device.

  • Having both 802.11g and 802.11n devices on a new dual-band AEBS

    Although I don't own a dual-band AEBS yet, I'm thinking I might be in the market for one. I just moved into a new apartment complex where the 2.4GHz frequency is saturated with over 30 wireless networks in range of my unit. I'm thinking that the 5GHz frequency would be much less crowded, and am thus considering getting a dual-band AEBS.
    I have the following equipment on my home network:
    1 Power Mac G5 (uses wired ethernet)
    2 MacBooks (use 802.11n)
    1 iPhone (uses 802.11g)
    1 PlayStation 3 (uses 802.11g)
    My question is (and I keep finding conflicting information on this topic) will the iPhone and the PS3 slow down the MacBooks from 802.11n speed to 802.11g speed when they are connected to the dual-band AEBS? If so, can this be avoided by running 2 routers with two separate SSIDs (one in 802.11n only mode, and the other in 802.11g only mode)?
    Sorry if this is a repeat question, but the fine print on Apple's product page says that the dual-band AEBS will be slowed down when a 802.11g device joins, but I have heard people say otherwise elsewhere.
    Thanks.

    So with the new dual-band AEBS, it is possible to create two different SSIDs (one 5GHz 802.11n and one 2.4GHz 802.11g) and have those two networks seamlessly joined for file/printer sharing as well as both run at their maximum speeds.
    To the best of my knowledge, being that I just got one a few days ago and haven't "experimented" fully yet, I believe the answer is yes to all counts. I'm sure if others have had the opportunity to check out all of the features that this new model has to offer, they will certainly chime in.
