ISE Authz rules with location based device
Hi forumers'
I have a POC situation as below:
A policy to restirct contractor only able to log-in to the network using AP-01
There's no problem for me to do the authentication and authorization rules for me to get the contractor connect, but my challenge is how i should apply the "only able to log-in to the network using AP-01" requirement?
My AP is cisco 1041 AP, what and how should i to enable this happen any fulfill the requirement?
thanks
Noel
It should be in the monitoring page under authentication, when you click on the magnifying glass you should be able to see the details of the attributes that are being sent.
Or you can run a report for radius authentication and export the pdf of the authentication details.
thanks,
Tarik Admani
Similar Messages
-
Just as the question says
Does AirPrint work with all kinds of printers with moden usb capability.
AirPrint works if you have an AirPrint compatible printer. See this Apple support document for details on compatible models.
http://support.apple.com/kb/HT4356
If the printer is not AirPrint compatible, it still might be possible to enable printing by installing an App like Print Central on the iPad, iPhone, or iPod.
PrintCentral Pro for iPhone/iPod Touch - iTunes - Apple
Does it also work with android based devices?
I would be surprised if it did, but best to ask that question on an Android support forum. -
Problems with location based applications
I am having problems with all of my location based applications i.e. none of them work. It seems I can never be located by the GPS no matter where i am and i just get a permanently spinning wheel. I have deleted and reloaded the Apps (although even with the generic Maps App i cannot be located) and i have reset the phone Reset iPhone (but havent Reset Settings or Restored yet). I love my iPhone but this is very frustrating. Can someone please help ?
Didn't work unfortunately. My Location Services were On so i proceeded to Restore. All went ok on the Restore but i still have the same problem. I have 4 App's that are location based and none of them work. Your suggestion ? Thanks for your help.
-
Has Apple acknowledged that there's an issue with location based reminders?
After searching several posts, I haven't found where Apple is working on a solution for the location reminders issue. There are several recommendations that people make...but most don't seem to work. What say you Apple??
Please reply with a link if I missed something during my search that answers my question. ThxIt was a bug. In iOS 7.1 Apple fixed the location based Reminders. Users no longer need to have the Reminders app running in the background for location based reminders to fire off.
-
ISE: create rules with AD groups for Users and Computers
Hello,
We've just begun to work with ISE.
Is it the good place to post on ISE, or there is a dedicated forum in another place?
We'd like to create some rule depending of Computer member groups AND Users member groups from AD, but we meet some difficulties.
We've created AD groups for Computers and Users depending of their Department:
Users_1
Users_2
Computers_1
Computers_2
When we create some basics rules regarding one group only:
- with a group Computers_x to attribute a specific VLAN to a computer (when no Windows session is opened), it runs correctly.
- with a group Users_x to attribute a specific VLAN to an user (when Windows session is opened), it runs correctly.
But when we create a rule regarding a group from Computers and one from Users, to attribute a specific VLAN to an user on a specific computer, this rule is not applied.
Is it possible to use ISE on this way?
Thanks for help.
Regards,
ChrisEnable EAP Chaining— if you want Cisco ISE to allow authentication of both machine and user in the same EAP-FAST authentication.
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_80_eapchaining_deployment.pdf -
ISE Could not locate Network Device or AAA Client
When authenticating using 802.1x and MAB, I recieve an authentication failure with the error 11007(Could not locate Network Device or AAA Client). The root cause that ISE spits back at me is "Could not find the network device or the AAA Client while accessing NAS by IP during authentication." I did pretty much everything by the book except instead of using a loopback interface I used a vlan with a defined ip address. Could this be causing the problem?
Here is the config of the port that I'm testing on:
interface GigabitEthernet1/0/9
switchport access vlan 9
switchport mode access
switchport voice vlan 8
ip access-group ACL-ALLOW in
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
authentication event fail action next-method
authentication event server dead action reinitialize vlan 4
authentication event server dead action authorize voice
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x timeout tx-period 10
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
endI can ping both the vlan and the endpoint from the ISE. As far as allowing ISE to speak snmp and RADIUS to the NAD, I have enabled it on the NAD config inside the ISE. I have also double checked the snmp and radius shared passwords.
I have gotten MAB authentication to work but I am still getting the same error for dot1x authentication. Here are some of the configs on the switch.
aaa new-model
aaa authentication dot1x default group radius
aaa authentication dot1x defualt group radius
aaa authentication dot1x group group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa server radius dynamic-author
aaa session-id common
ip radius source-interface TenGigabitEthernet1/0/1
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server host 10.10.10.47 auth-port 1812 acct-port 1813 test username test key 7 097940581F5412162B464D
radius-server vsa send accounting
radius-server vsa send authentication
dot1x system-auth-control
authentication order dot1x mab
authentication priority dot1x mab
dot1x pae authenticator
dot1x timeout tx-period 10 -
Will Location based reminders work on ios 6 for the IPad 3 I keep getting a message that siri can't do location based reminders on this device any help please
Have they called you back? I have opened a similar support case too today, they does not know what to do and they will speak with some engineer, but now that I have found this post...I think we just have to wait for a new minor release...anyway our devices (2 and the new if cellular) must be supported http://support.apple.com/kb/HT4970
-
Use Time Capsule with Windows-based Computers and PowerLan Devices
Hi All -
I would like to inquire whether I can:
1) use a Windows-based conputer to access the internal hard disk of Time Capsule; and
2) connect the Time Capsule with prower lan devices (e.g. Aztech) to extend the wirless coverage.
Thank you.
GaryYes.. but.. Long term storage of info is not really wise where you have no backup. TC is not able to back itself up and you will have issues finding anything but manually doing it from windows.
What windows version?
Have you installed the airport utility? That makes life much easier, as it adds bonjour for windows and a disk access agent.
Simply installing the utility may be enough. If not open windows explorer and type the name or IP directly into the address bar.
Note.. you should use all names on the TC that are short, no spaces and pure alphanumeric.
\\TCname or \\TCIPaddress (where you obviously change to real name (no spaces of course) or IP)
If you still have issues.. check that you can ping the TC.. and make sure firewalls are not blocking it and your PC is located HOME, not WORK or PUBLIC. -
Max authz rules in ISE 1.2 ?
Hi All,
Is there any doco on what the current limit is on Auth Z rules in ISE 1.2
I have read 1.1.x had a limit of 140 authz rules.
I am also considering using policy sets if that increases the total authZ rules.
CheersPeter,
Here are the numbers for both 1.1.x and 1.2. Hope this helps.
* ISE 1.1.x
# ISE 1.2
Authentication Policy Rules
* 50
# 400
Conditions Per AuthC Policy Rule
* 3
# 8
Authorization Policy Rules
*140
# 600
Authorization Identity Groups
* 20
# 1000
Conditions per AuthZ Policy Rule
*6
# 8
Authorization Profiles
* 30
# 600
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton -
iPad2 with IOS 8.1.2 located with me in Eastern Time Zone city but settings under General reflects Central Time Zone(Chicago). All location based Apps are reflecting a Central Time Zone city, one that I have never visited. I did an erase and restore of a backup prior to this issue but it was not resolved. What do I do?
I am having a similar issue. I moved about 10-15 miles. Any app, such as Maps, a Weather, etc, that use location keep showing my current location as my old address. I'm interested in hearing the solution to your problem.
-
How do you set location based reminders with location restrictions turned on?
I can set location based reminders with location restrictions turned off, but I want them on. Otherwise if I lost or if somebody stole my iPhone they could just turn off the find my iPhone function. Yet if I have location services restricted to prevent this then location based reminders are unavailable. Any help would be appreciated
I can set location based reminders with location restrictions turned off, but I want them on. Otherwise if I lost or if somebody stole my iPhone they could just turn off the find my iPhone function. Yet if I have location services restricted to prevent this then location based reminders are unavailable. Any help would be appreciated
-
Location based reminders option not available on iPhone 6plus with iOS 8.1
Location based reminders option (within Reminders app) is not available. I can open the app and create a reminder based off time, but there is no option present to specify location. I have location services enabled. The Reminders app is not listed in my apps eligible to use Location services, but it's never asked... because it's not an option in the app to select.
iPhone 6plus with iOS 8.1Try using Siri to set the reminder, something like "remind me to call mom when I leave home". It should either know or ask what "home" is and that may initiate the location services. I did confirm that location services are available on the latest OS for the iPhone plus (just checked mine).
-
Location based services with ELM AP?
Hello Experts,
Maybe you have some experience with this stuff? Is it possible to use location based services with Enhanced Local Mode APs?As long as the AP is serving clients it can, once you remove that and set it like in Monitor Mode and use it for a sniffer or spectrum it can't. So as long as your site survey has triangulation and meets the requirement for location base, you should be fine.
Sent from Cisco Technical Support iPhone App -
How can I stop my IOS 7 device from sharing my location with IOS 8 devices?
How can I stop my IOS 7 device from sharing my location with IOS 8 devices? My friend who upgraded their device to IOS 8 said that I'm automatically sharing my location via iMessage details. I don't want to upgrade to IOS 8 yet because I don't have space. Is there a way to disable sharing my location with IOS 8 devices by default? I don't want to turn all location services off because I frequently use Google Maps.
Actually that's not true. I have a device (iPhone) running ios 7. My friend has an iphone running ios 8. When she clicked into her imessage thread with me, clicks on details in the top right corner it will show her my GPS location. It's doing this automatically because I do not have ios 8 on my phone therefore I don't have the ability to "stop sharing my location". Apple is automatically sharing the location. If you are using an ios 8, apple automatically pulls in location data for anyone you are messaging not using ios 8. I haven't found a way around this unless you turn off all location services on your phone which is immensely disturbing.
-
Promemoria geolocalizzati non funzionano con iOs 7 location-based reminders do not work with iOs7
promemoria geolocalizzati non funzionano con iOs 7
location-based reminders do not work with iOs7Hi konekotron,
See this manual about using the Apple Wireless Keyboard with your iPad -
iPad User Guide
http://manuals.info.apple.com/MANUALS/1000/MA1595/en_US/ipad_user_guide.pdf
See page 25 and the section on using International Keyboards on page 125.
A similar guide for the iPhone -
iPhone User Guide
manuals.info.apple.com/MANUALS/1000/MA1565/en_US/iphone_user_guide.pdf
See page 28.
Thanks for using Apple Support Communities.
Best,
Brett L
Maybe you are looking for
-
Airport Express (Model with 802.11G +54MBPS Mac/PC and Set Up Issues
Hi, We have a 4 Mac and 1 PC Household. Cable Internet Service by Roadrunner.Cable model (owned) connected to a D-Link 802.11G wi fi router (by ethernet from cable modem)in the family room , then out to a Imac (the half moon base and LCD screen with
-
How to force CoreDump in the Kernel source code
Hi, Anyone know, how to force coredump in the Kernel source code?. And also to collect all information related to CPU Registers, CPU IRAM, Cache Data and complete SDRAM content.
-
Javax.swing.JPanel Help
my application is sort of a game, i planned on having a JPanel subclass called EventPanel have an instance variable _curPanel. curPanel is of type JPanel. In the constructor I can set curPanel to Other JPanel subclasses. I have another subclass of J
-
ITunes' Skip Count only works with some of my iPods
iTunes does not count songs skipped on my 1st generation Nano, 2nd generation Nano, or iPhone. It does count songs skipped during play on my computer or from my 1st generation Shuffle. When I took my 1st generation Nano to the Apple Store they got iT
-
Changes to rpt file not recognised
Post Author: annedonnelly CA Forum: General Hi,I've been asked to help a company whose software supplier is being a bit awkward. The software is a stock control package and some of the reports are created using Crystal.They want to make some minor ch