ISE and Selfservice with single SSID

Hi, I have:
WLAN 2504 Controller with 7.2 software
ISE 1.1.2
A single SSID with 802.1X authentication
Today the wireless users are authenticated against a Cisco ACS. I want to switch to ISE and make use of the MyDevices portal. I want to re-use my single SSID and don't want to do any provisioning.
- The user connects to the single SSID
- The user configures PEAP authentication on his device
- The user authenticates to an LDAP directory with username and password
- After successful authentication the user is redirected to the MyDevices portal
- He logs in with his LDAP credentials
- The MAC address of his current device is listed in the MyDevices portal
- The user adds his device to the known devices list
- Manual reconnect to my SSID
Is this possible with ISE? Is there a howto out there for exactly this scenario?
Kind regards

Hello Andreas,
WLC 2504 supports CWA, CoA & dACL.
This wireless controller also supports MAC filtering with RADIUS lookup. For WLCs that support version 7.2.103.0, there is support for session ID and CoA with MAC filtering, so it is more MAB-like. So it should fulfill your requirement and you can use a single SSID.
For more detailed help review “Universal WLC Configuration Guide” & “ISE 1.1.x Network Component Compatibility” at the following location:
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_11_universal_wlc_config.pdf
http://www.cisco.com/en/US/partner/docs/security/ise/1.1.1/compatibility/ise_sdt.html
Regards,
Ashok

Similar Messages

  • Can I install Adobe DC on desktop and laptop with single subscription?

    Can I install Adobe DC on desktop and laptop with single subscription?

    Hi ,
    A single subscription of Acrobat DC permits you two installations. You can easily install Acrobat DC on desktop and laptop.
    Make sure you don't access them simultaneously.
    Regards
    Sukrit Dhingra

  • Cisco ISE 1.1.1 - Single SSID

    I'm working on our ISE implementation and these are my two goals.
    1.  Single SSID for BYOD users and corporate managed systems.
    Login to the NAC agent if not part of the domain (EX: windows laptop not part of the domain joins the SSID, goes through the self service portal, downloads NAC agent, must login to NAC agent whenever joining network with AD credentials)
    AD login required to join this SSID, no guests allowed
    2.  Guest SSID
    Guest login only - requires sponsor
    web agent required for windows machine
    AV required
    Current AV definitions required
    Are these goals attainable or am I better to go in a different direction is my first question.
    Second, using the Cisco BYOD Smart Solution Guide (link at bottom of post) it mentions the single SSID as not being a complicated component but it only runs through the dual SSID solution, what settings are needed for a single SSID? I'm using Open + MAC Filtering but when the supplicant attempts to connect it doesn't work because it's looking for a WPA2 network with the same SSID name.
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html
    Single SSID is specifically mentioned here:
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html#wp504735

    David,
    What the documentation did was create a condition which checks for the SSID in the access-request:
    Guest_Authz is a user-defined simple authorization condition for guests accessing the Internet via Web authentication through the WLAN corresponding to the open guest SSID. It matches the following RADIUS AV pair from the Airespace dictionary:
         Airespace-Wlan-Id - [1] EQUALS 1
    So when the user connects to the network they are connecting through the guest SSID, which has the WLAN ID of 1. Either you can do that in your authorization rule right in the screenshot or you can create this condition under the policy elements tab.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • Dynamic vlan assignment with single SSID

    Hi All,
    I have 300 APs deployed and concurrent client associations that number 3000+ daily.
    At the moment I have a single subnet for all users; there is no authentication, just a click-through
    page with email entry to gain access.
    The APs are assigned to groups based upon the building zone they are in. Is it possible to
    assign a VLAN based upon the AP the user is associated to but still only broadcast a single SSID?
    TIA

    You can assign a dynamic VLAN for 802.1X authentication using AAA override from the RADIUS server.
    In your case, since it is a web-consent SSID, you can use AP groups to put clients on different VLANs per AP group.
    Sent from Cisco Technical Support iPhone App

  • Dynamic SQL and Data with Single Quotes in it.

    Hi There,
    I have a problem in that I am using dynamic SQL and it happens that one of the columns does contain single quotes (') in it as part of the data. This causes the resultant dynamic SQL to get confused, as the single quote that is part of the data is taken to mean end of string, when in fact it's part of the data. This leaves a dangling single quote that was meant to enclose the string. Here is my dynamic SQL and the result of the parsed SQL that I have captured:
    ****Dynamic SQL*****
    l_sql:='select NOTE_TEMPLATE_ID '||
    'FROM TMP_NOTE_TEMPLATE_VALUES '||
    'where TRIM(LEGACY_NOTE_CODE)='''||trim(fp_note_code)||''' '||
    'and TRIM(DISPLAY_VALUE)='''||trim(fp_note_text)||''' ';
    execute immediate l_sql INTO l_note_template_id;
    Because the column DISPLAY_VALUE contains data with single quotes, the resultant SQL is:
    ******PARSED SQL************
    select NOTE_TEMPLATE_ID
    FROM TMP_NOTE_TEMPLATE_VALUES
    where TRIM(LEGACY_NOTE_CODE)='INQ' and TRIM(DISPLAY_VALUE)='Cont'd'
    And the problem lies with the single quote between the characters t and d in the data field for DISPLAY_ITEM. How can I handle this?
    Many thanks,

    I have been reliably informed that if one doesn't enclose char/varchar2 data items in quotes, the right indices may not be used.
    I have been into Oracle for the past 4 years and for the first time I am hearing this.
    Your reliable source is just wrong. Bind variables are variables that store your value and which are used in SQL. They are the proper way to use values in your SQL. By default all variables in PL/SQL are bind variables.
    When you can do something in just straight SQL, just do it. Dynamic SQL does not make any sense to me here.
    Thanks,
    Karthick.
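    Karthick's point, as an added example that is not part of this thread: the same lookup run both ways against an in-memory SQLite table (Oracle is not available offline), with constructed sample rows mirroring TMP_NOTE_TEMPLATE_VALUES. The concatenated version is the pattern from the post and breaks on "Cont'd"; the bound version is what static SQL, or EXECUTE IMMEDIATE ... USING with :b1/:b2 placeholders, gives you in PL/SQL, and it also means a value can never rewrite the statement.

```python
import sqlite3

# Constructed sample data mirroring the thread's TMP_NOTE_TEMPLATE_VALUES table;
# row 2 carries the quote inside DISPLAY_VALUE that breaks the concatenated query.
SAMPLE_ROWS = [
    (1, "INQ", "Continue"),
    (2, "INQ", "Cont'd"),
    (3, "ADM", "Admitted"),
]


def open_db():
    """Build the constructed table in memory so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tmp_note_template_values ("
        "note_template_id INTEGER, legacy_note_code TEXT, display_value TEXT)"
    )
    conn.executemany("INSERT INTO tmp_note_template_values VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_concat(conn, note_code, note_text):
    """The pattern from the post: the value is spliced into the SQL text.
    A quote inside note_text ends the literal early and the statement no longer parses."""
    sql = (
        "SELECT note_template_id FROM tmp_note_template_values "
        "WHERE TRIM(legacy_note_code)='" + note_code.strip() + "' "
        "AND TRIM(display_value)='" + note_text.strip() + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_bound(conn, note_code, note_text):
    """Bind variables: the SQL text is fixed and the values travel separately,
    so a quote is just data and can neither break nor alter the statement."""
    sql = (
        "SELECT note_template_id FROM tmp_note_template_values "
        "WHERE TRIM(legacy_note_code)=? AND TRIM(display_value)=?"
    )
    row = conn.execute(sql, (note_code.strip(), note_text.strip())).fetchone()
    return row[0] if row else None


def demo():
    """Run both lookups for the value from the post and report what each returned."""
    conn = open_db()
    results = {"bound": lookup_bound(conn, "INQ", "Cont'd")}
    try:
        results["concat"] = lookup_concat(conn, "INQ", "Cont'd")
    except sqlite3.Error as exc:  # the dangling quote surfaces here as a parse error
        results["concat"] = "error: " + str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```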

  • Sound Blaster Omni 5.1 - mute speaker and mic with single button push

    Does anyone know if it's possible to configure the Omni to mute both the speakers and the Omni's internal mic with a single button push using the hardware volume/mute button on the Omni? I have a scenario where I need to mute both quickly when a call comes in, and it's a nuisance having to mute the speakers and mic separately.

    Hi Tony,
    Unfortunately there is no physical button to achieve that. Neither is there a software button to disable both speakers and mic at the same time.
    Regards,
    Colin-CL

  • HCM forms and process with single workflow

    Hi Experts,
    Can we use single workflow for multiple form scenarios?
    Actually we have some 10 scenarios with 20 forms. We planned to combine all the scenarios in a single workflow and use it in different form scenarios.
    Is it possible, or do we need to create a separate workflow for each process?
    Thanks in advance,
    Helps will be appreciated.

    Thanks for the reply Rick.
    For normal workflows it's fine. I would like to know whether HCM Forms and Processes will allow it or not.
    The HCM Forms and Processes framework has some limitations. Please check the link below.
    http://help.sap.com/saphelp_erp60/helpdata/en/42/f2cd04249b3268e10000000a1553f6/frameset.htm
    So I doubt whether it will cause any issues.
    Thanks.

  • Create and Edit with single button

    Hi Experts
    I am working in jdev 11.1.1.3.0
    I have an Employee table and I need to create Depart information for that employee. Here I am using a single button for both create and edit.
    Can you suggest me the approach?

    I tried the approach described in the link below:
    http://www.oracle.com/technetwork/developer-tools/adf/learnmore/45-decision-based-method-outcome-169187.pdf
    But in my case my task flow is
    edit
    Method call----> Router-------------Depart.jsff
    |
    |
    CreateInser
    <?xml version="1.0" encoding="windows-1252" ?>
    <adfc-config xmlns="http://xmlns.oracle.com/adf/controller" version="1.2">
      <task-flow-definition id="emp-deprtment-config">
        <default-activity id="__11">navigateSrvChar</default-activity>
        <input-parameter-definition id="__8">
          <name id="__9">bidId</name>
          <value>#{requestScope.bidId}</value>
          <class>oracle.jbo.domain.Number</class>
        </input-parameter-definition>
        <view id="deprtment">
          <page>/jsffs/emp/deprtment.jsff</page>
        </view>
        <method-call id="navigateSrvChar">
          <method>#{DepartmentBean.editOrCreate}</method>
          <outcome id="__17">
            <fixed-outcome>navigateSrvChar</fixed-outcome>
          </outcome>
        </method-call>
        <method-call id="CreateInsert">
          <method>#{bindings.CreateInsert.execute}</method>
          <outcome id="__28">
            <fixed-outcome>CreateInsert</fixed-outcome>
          </outcome>
        </method-call>
        <router id="router1">
          <case>
            <expression>#{pageFlowScope.navigation == 'edit'}</expression>
            <outcome id="__18">edit</outcome>
          </case>
          <case>
            <expression>#{pageFlowScope.navigation == 'create'}</expression>
            <outcome id="__19">create</outcome>
          </case>
        </router>
        <control-flow-rule id="__23">
          <from-activity-id id="__24">navigateSrvChar</from-activity-id>
          <control-flow-case id="__27">
            <from-outcome id="__26">navigateSrvChar</from-outcome>
            <to-activity-id id="__25">router1</to-activity-id>
          </control-flow-case>
        </control-flow-rule>
        <control-flow-rule id="__29">
          <from-activity-id id="__30">CreateInsert</from-activity-id>
          <control-flow-case id="__32">
            <from-outcome id="__31">CreateInsert</from-outcome>
            <to-activity-id id="__33">deprtment</to-activity-id>
          </control-flow-case>
        </control-flow-rule>
        <control-flow-rule id="__6">
          <from-activity-id id="__7">router1</from-activity-id>
          <control-flow-case id="__12">
            <from-outcome id="__13">edit</from-outcome>
            <to-activity-id id="__10">deprtment</to-activity-id>
          </control-flow-case>
          <control-flow-case id="__15">
            <from-outcome id="__16">create</from-outcome>
            <to-activity-id id="__14">CreateInsert</to-activity-id>
          </control-flow-case>
        </control-flow-rule>
        <use-page-fragments/>
      </task-flow-definition>
    </adfc-config>
    But I am getting an error like "The ADF Controller cannot find metadata for activity '/taskflows/emp/emp-deptment-config.xml#emp-deptment-config@router1'."
    Any inputs would be highly appreciated.
    Edited by: user642703 on Oct 20, 2011 5:33 AM

  • Can i instal aperture on mac pro and laptop with single licence from mac store?

    When I buy Aperture from the Mac store for 54 pounds, can I install it on both my Mac Pro and laptop?

    Excellent Thank you Niel:)

  • Using multiple wireless networks with Single sign on?

    The university that I currently work for has switched from one wireless SSID to 2 separate SSIDs that separate the student users from the faculty/staff users. At this time only the Faculty Staff can log into STAFF and students can only log into STUDENT...
    I have a few laptop carts that were setup for student use and have single sign on configured for the STUDENT wireless connection. The laptops are on the university's domain so that students have access to the home drives.
    We run into problems when Faculty try to use a laptop to teach a class. They are unable to log in because their credentials are not authorized for the STUDENT wireless network. 
    So...Is it possible to setup 2 wireless profiles (STUDENT and STAFF) with single sign on and give the user an option to choose from?

    Hi,
    Based on your description, I would like to suggest you use Group Policy to configure Wireless Network Settings:
    Using Group Policy to Configure Wireless Network Settings
    http://technet.microsoft.com/en-us/magazine/gg266419.aspx
    Please follow the information from the link above to check the issue.
    If it doesn't work, I recommend you initiate a new thread in our Windows Server Forum for further assistance.
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?category=windowsserver
    Hope it helps.
    Regards,
    Blair Deng

  • ISE Single SSID BYOD - Windows Endpoint user experience

    We are implementing wireless BYOD using Cisco ISE 1.2 and WLC 7.4x. We are using PEAP / MS-CHAP v2 for wireless security. We are able to on-board iOS, Android, and Mac OS endpoints using a single SSID, and native supplicant provisioning seems to work fine with these endpoints. We are having issues with Windows clients. On a Windows client, when the user selects the SSID, it prompts for userid/password but never gets a pop-up for the server certificate. We are using a third-party public wildcard certificate on ISE for HTTP/EAP authentication. On ISE, we are getting: 12511 Unexpectedly received TLS alert message; treating as a rejection by the client.

    12511 (EAP, severity Warn): Unexpectedly received TLS alert message; treating as a rejection by the client
    While trying to negotiate a TLS handshake with the client, ISE received an unexpected TLS alert message. This might be due to the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.

  • ISE 1.2 With WLC and AD

    Hi everyone,
    What are the steps and procedure to implement wired and wireless authentication with ISE, WLC and AD for a lab environment? Currently the following are done:
    The wireless network is configured with 2 SSIDs (Staff and Guest)
    Active Directory, DNS, DHCP, and NTP configured & synced.
    ISE and AD running on C220 VMs, and the WLC is a 5760 appliance.
    Please provide your thoughts and assistance.
    Regards

    You have to implement dot1x and RADIUS between your NAD and the ISE device.
    Using the switch 3850, these are the steps:
    username RADIUS-HEALTH password radiusKey1 privilege 15
    aaa new-model
    aaa authentication login default local
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting update periodic 5
    aaa accounting auth-proxy default start-stop group radius
    aaa accounting dot1x default start-stop group radius
    !this password will be used to communicate with ISE and to verify reachability
    !between ISE and Switch
    aaa server radius dynamic-author
     client 172.16.1.18 server-key 7 radiuskey
     client 172.16.1.20 server-key 7 radiuskey
    ip domain-name lab.local
    ip name-server 172.16.1.1
    dot1x system-auth-control
    interface GigabitEthernet1/0/3
     switchport mode access
     switchport voice vlan 50
     switchport access vlan 10
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    ip access-list extended ACL-ALLOW
     permit ip any any
    !the communication between RADIUS and ISE will occur on this port
    ip radius source-interface Vlan100
    logging origin-id ip
    logging source-interface Vlan100
    logging host 172.16.1.20 transport udp port 20514
    logging host 172.16.1.18 transport udp port 20514
    snmp-server community ciscoro RO
    snmp-server community public RO
    snmp-server trap-source Vlan100
    snmp-server source-interface informs Vlan100
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 10 tries 3
    radius-server vsa send accounting
    radius-server vsa send authentication
    !defining ISE servers
    radius server ISE-RADIUS-1
     address ipv4 172.16.1.20 auth-port 1812 acct-port 1813
     automate-tester username RADIUS-HEALTH idle-time 15
     key radiusKey
    Please be sure that NTP servers and time are synchronized.
    Enable dot1X on the Windows machine, or use Cisco NAM.
    You can enable debugging on aaa authentication to see the events.
    You have to create this user on ISE (RADIUS-HEALTH).
    3850#test aaa group radius username password new-code
    and observe the result. You are supposed to have the user authenticated successfully.
    You must also define these devices in ISE on the RADIUS interface.
    ip radius source-interface ..... use this interface's IP address to define the IP address of the NAD device in ISE.
    Administration --> Network Resources --> Network Devices --> Add
    Input the name
    Input the IP address for RADIUS communication
    Select the authentication settings and fill in the corresponding shared secret RADIUS key
    Select SNMP settings and select version 2c.
    snmp community : ciscoro
    You can customize the polling interval if you want, and that's all.
    You are supposed to receive message communication between your NAD and ISE.
    After that you can do the procedure for the WLC device.
    I will fill it in after you have passed the first steps (3850 authentication).

  • LWA Guest Access with ISE and WLC

    Hi guys,
    Our company is trying to implement Guest Access with ISE and WLC with the Local Web Auth method. But there is a problem that comes up with the certificate. This is the scenario:
    1. Guests try to connect to Wi-Fi with SSID Guest
    2. Once connected, guests open the browser and try to open a webpage (example: cisco.com)
    3. Because guests didn't log in, it redirects to the "ISE Guest Login Page" (the URL becomes:
    https://ise-hostname:8443/guestportal/Login.action?switch_url=https://1.1.1.1/login.html&wlan=Guest&redirect=www.cisco.com/
    4. If there is no ISE Guest Login Page certificate installed, an Untrusted Connection message will appear, but it will be fine if they "Add Exception and install the certificate"
    5. After that the Guest Login Page will appear, and guests input their username and password.
    6. Login succeeds and they are redirected to www.cisco.com, and there is a pop-up from 1.1.1.1 (WLC Virtual Interface IP) with a logout button.
    The problem happens in step 6: after login success, the webpage with the ISE IP address and a certificate error message for 1.1.1.1 appears.
    I know it happens when guests don't have the WLC Login Page certificate...
    My question is, is there a way to tunnel the WLC certificate on ISE? Or what can we do to make ISE validate the WLC certificate, so guests don't need to install the WLC certificate / root certificate before connecting to Wi-Fi?
    Thx 4 your answer and sorry for my bad English....

    Thx for your reply Peter, your solution is right,
    I don't choose CWA, because their DNS is not stable...
    I've found the problem...
    the third-party CA is revoked, so there is no way it will succeed until it is fixed...
    and there is no guarantee they will fix it soon..
    so the solution that we chose is disabling "HTTPS" on the WLC...
    "config network web-auth secureweb disable"
    thank you all...

  • I created a form with Single Choice fields, 4 days with times listed. But, I want the user to only be able to choose one time, and the time chosen to be unavailable for other users. How do I do this?

    I created a form with Single Choice fields, 4 days with times listed. But, I want the user to only be able to choose one time, and the time chosen to be unavailable for other users. How do I do this? I have 4 blocks of Single Choice fields in order for the summary page to give me each day in the final report. But, I need the user to be able to make a selection of any day and time and that appointment to no longer be available to future users when they log in. Plus, when the user clicks on the time, they are unable to change their mind and choose another time. Here's the link if you want to see what I'm talking about: 2015-2016 Workload Apportionment Review

    I'm afraid not.    It's not rocket science but you need to do some coding. 
    You'll need to find a script (php) and save it to your local site folder.  Then reference the script in your form's action attribute like so.
         <form action="path/form-to-email-script.php" >
    The input fields in your HTML form need to exactly match the script variables. 
    I'm  assuming you're hosted on a Linux server which uses PHP code.  Linux servers are also case sensitive, so upper case names are not the same as lower case names.  It's usually best to use all lower case names in your form and script to avoid confusion.
    Related Links:
    Formm@ailer PHP from DB Masters
    http://dbmasters.net/index.php?id=4
    Tectite
    http://www.tectite.com/formmailpage.php
    If this is all a bit beyond your skill set, look at:
    Wufoo.com (on-line form service)
    http://wufoo.com/
    Nancy O.

  • Some albums I put on my Mac to later sync with a Touch appear as separate tracks and not a single album. How do I get them back together again other than a playlist? I do not want the tracks showing up as albums on the Touch.

    Some albums I put on my Mac to later sync with a Touch appear as separate tracks and not a single album. How do I get them back together again other than a playlist? I do not want the tracks showing up as albums on the Touch.

    Are your tracks part of a compilation? Different artists, but still one album? Then mark them as a compilation or set the album artist. See this guide on how to group separate tracks into albums:
    iTunes: Grouping Tracks Into Albums
