ISE web auth for non-Cisco switch (D-Link 3528)

Is it possible to use ISE (inline posture node) to redirect the wired users to the ISE guest portal?
And the wired users will get full network access after they pass the web auth.

You can use the ISE Inline Posture node with 3rd-party switches.
The RADIUS access device must supply the following RADIUS attributes:
    Calling-Station-Id (for MAC_ADDRESS)
    User-Name
    NAS-Port-Type
    The RADIUS accounting message must have the Framed-IP-Address attribute
VLAN and DACL features can be used, but again it depends on the switch model; let us know the specific switch models. Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality.

Similar Messages

  • Non Cisco Switches

    Dear ALL,
    I am an IT professional, doing Network+. I have some questions:
    1) Do non-Cisco switches have access and trunk ports? What I mean is, do non-Cisco switches distinguish between Ethernet ports as trunk and access?
    2) Do we need a cross talk cable for connecting two non-Cisco switches, preferably D-Link? Also, how do I interconnect a Cisco switch with a non-Cisco switch?
    Regards
    Haseeb

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    As Daniel noted "decent" switches, i.e. manageable and supporting VLANs, will generally support VLAN tagging ports using the 801.2q standard.  (NB: this standard allows VLAN tagging between different vendors.)  Switches that support VLANs will distinguish between untagged (edge) ports (e.g. Cisco access) and the tagged ports (e.g. a Cisco trunk), but as Daniel also noted, their terminology might be different.
    As Leo noted, many switches offer auto MDI/MDI-X.  Surprisingly, this feature was often seen on unmanageable switches before it was seen on manageable switches.  Also on older unmanageable switches, you might find a pair of physical ports that are the same logical port, one wired MDI and other wired MDI-X or you might find some button to change one port's MDI to/from MDI-X.  Such "special" ports are often the "uplink" port.  (NB: the purpose of the "uplink" port was to allow connecting it to another switch whether you had a straight through or cross over cable.)
    If you do have a switch supporting auto MDI/MDI-X, or one with the earlier physical MDI/MDI-X options, you only need one switch, not both with such a feature, to support either a straight through or cross over cable.  Of course, both switches might have such an option, which is fine too.  Only if both switches are "hard wired", you'll need a cross over cable for a switch to switch connection.

  • SIP 7960 to non-Cisco Switch

    Does anyone know if a 7960 (SIP) phone can connect to a non-Cisco switch and separate the Voice traffic from the access port traffic?
    I tried connecting a 7960 to a baystack 450T, configuring the switchport as a "tagged trunk", and then changing the Admin Vlan ID on the phone to the desired voice vlan. It looks as though the switch wants the access port traffic to be tagged as well.
    Any help would be greatly appreciated!
    Thanks,
    Darin

    Hi !
    You need to configure a 802.1q trunk on your non-cisco switch. The 802.1q native vlan should be the one the PC is in. The voice vlan will be tagged.
    Configure all parameters (like voice-vlan-id etc.) on the phone manually (obviously CDP does not work). I have done it and it works fine (but I never tried on the switch you mentioned).
    Inline Power will also not work because the 7960 is not 802.3af compliant (yet).
    Mike

  • Inline Posture deployment for non-Cisco Wireless Controller

    Hi all of you
    I have to deploy an Inline Posture to manage a non-Cisco Wireless Controller (ZoneDirector 1000 Ruckus). It seems easy but I don't know where to start. All the documentation I read is about Inline Posture for VPN. I just want to use this Inline Posture to manage wireless users through the ZoneDirector wireless controller. Thank you.
    Regards
    Kouassi

    So what is the solution for this scenario?
    The remote site has a non-Cisco autonomous wireless AP. NAC is centralized. I cannot use OOB since there is no support for non-Cisco APs in OOB mode. As a result I use InBand mode. This means that local wireless traffic in the remote site must travel to the central site, go through the NAC Server and go back to the remote site. Is this correct?

  • Interconnecting cisco switches with non-cisco switches

    I need help concerning interconnecting two Cisco switches (3550’s) using a non-Cisco switch or hub on the LAN. I have noticed that the two Cisco switches connected using a non-Cisco switch are able to communicate well, however a PC connected to the non-Cisco switch/hub can not ping any device on the LAN. The non-Cisco device is a working one. When the two Cisco switches are connected using a Cisco switch, PCs connected to the interconnecting switch are able to ping. What’s the explanation? Please help.

    Building configuration...
    Current configuration : 3342 bytes
    ! No configuration change since last restart
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    clock timezone GMT -2
    ip subnet-zero
    ip rcmd rcp-enable
    ip rcmd remote-username cwuser
    spanning-tree mode pvst
    spanning-tree extend system-id
    interface FastEthernet0/1
    switchport mode dynamic desirable
    interface FastEthernet0/2
    switchport mode dynamic desirable
    interface FastEthernet0/3
    switchport mode dynamic desirable
    interface FastEthernet0/4
    switchport mode dynamic desirable
    interface FastEthernet0/5
    switchport mode dynamic desirable
    interface FastEthernet0/6
    switchport mode dynamic desirable
    interface FastEthernet0/7
    switchport mode dynamic desirable
    interface FastEthernet0/8
    switchport mode dynamic desirable
    interface FastEthernet0/9
    switchport mode dynamic desirable
    interface FastEthernet0/10
    switchport mode dynamic desirable
    interface FastEthernet0/11
    switchport mode dynamic desirable
    interface FastEthernet0/12
    switchport mode dynamic desirable
    interface FastEthernet0/13
    switchport mode dynamic desirable
    interface FastEthernet0/14
    switchport mode dynamic desirable
    interface FastEthernet0/15
    switchport mode dynamic desirable
    interface FastEthernet0/16
    switchport mode dynamic desirable
    interface FastEthernet0/17
    switchport mode dynamic desirable
    interface FastEthernet0/18
    switchport mode dynamic desirable
    interface FastEthernet0/19
    switchport mode dynamic desirable
    interface FastEthernet0/20
    switchport mode dynamic desirable
    interface FastEthernet0/21
    switchport mode dynamic desirable
    interface FastEthernet0/22
    switchport mode dynamic desirable
    interface FastEthernet0/23
    switchport mode dynamic desirable
    interface FastEthernet0/24
    switchport mode dynamic desirable
    interface GigabitEthernet0/1
    switchport mode dynamic desirable
    interface GigabitEthernet0/2
    switchport mode dynamic desirable
    interface Vlan1
    ip address
    ip default-gateway
    ip classless
    ip http server
    snmp-server community
    snmp-server community
    snmp-server location
    snmp-server system-shutdown
    snmp-server enable traps snmp authentication warmstart linkdown linkup coldstart
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps flash insertion removal
    snmp-server enable traps bridge
    snmp-server enable traps stpx
    snmp-server enable traps rtr
    snmp-server enable traps port-security
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps envmon fan shutdown supply temperature status
    snmp-server enable traps MAC-Notification
    snmp-server enable traps hsrp
    snmp-server enable traps cluster
    snmp-server enable traps copy-config
    snmp-server enable traps syslog
    snmp-server enable traps vlan-membership
    line con 0
    line vty 0 4
    login
    line vty 5 15
    login
    ntp clock-period 17180064
    end

  • Passing Voice VLAN through a non-Cisco switch

    Hi All,
    Will a non-Cisco switch (no 802.1q support) that is put between a Cisco IP Telephone and a Cisco Catalyst switch (which is configured with an auxiliary Voice VLAN) pass voice VLAN frames and CDP?

    Any switch should pass on either ISL (which is Cisco proprietary and hence not supported on non-Cisco) or IEEE 802.1Q frames, or else it cannot support voice VLAN. And non-Cisco switches do not support CDP as it is once again a Cisco proprietary protocol.

  • Ce 500 non-cisco switch

    How should I configure the smartport on a Catalyst Express 500 switch if I am connecting a non-Cisco switch like a small Linksys? I don't think I can make the smartport a switch because it tries to trunk, right?
    And if I leave it as a PC it complains about having too many devices connected to it.
    Would having it configured as something like an access point work?

    Now, I noticed something very odd. I kept the switch option selected on the port on the CE 500 that the Linksys was plugged in to, and the devices plugged in downstream behind the Linksys all kept the correct VLAN assignment. Phones were in the voice VLAN and PCs were in the data VLAN. It does not really make sense to me how this is working.

  • Cisco ISE web auth Splash page

    Was wondering if the splash page offered by Cisco ISE can be customized, or if it's necessary to redirect to an External server?
    Currently using a downloaded web auth pass-through splash page setup for guest access on a 5508 WLC, but have been asked to move this feature off the WLC and onto the ISE and then customize the page with company logos and a couple of graphics.
    Is this possible?
    Thanks in advance...

    Yes, but you will definitely need ISE 1.3. When creating the guest portal in ISE you would select the "Hotspot Guest Portal" option. This allows guest users to just agree to an AUP (Acceptable Use Policy) and then get Wi-Fi access.
    And yes, you can also perform posture assessment:
    http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/118741-configure-ise-00.html#anc9
    Thank you for rating helpful posts!

  • WLC4402 connect to non-cisco switch?

    I have 2 WLC4402-50 connected to an Extreme Black Diamond chassis, using GLC-T. I have configured LAG on the controllers to support the number of APs needed and I have configured the ports on the switch to use LACP aggregation because that is what is available. Is this a supported configuration or do I just need to leave those ports as non-LACP ports?

    just to help out anyone else using extreme, here is how I got it to work
    first I define the src-dst ip load sharing like this
    Switch#. configure sharing address-based L2_L3_CHK_SUM
    and then I configure sharing on the ports (the port number between the sharing and grouping is just the master port number for the share)
    Switch#. enable sharing 3:26 grouping 3:26, 3:56 algorithm address-based
    Switch#. enable sharing 3:28 grouping 3:28, 3:58 algorithm address-based
    and then I do the vlan config like
    Switch#. create vlan "Wireless"
    Switch#. configure vlan Wireless tag 250
    Switch#. config vlan "default" add ports 3:26, 3:28 untagged
    Switch#. config vlan "Wireless" add ports 3:26, 3:58 tag

  • Stacking a non-Cisco Switch with a Catalyst Express 500 switch

    We are using a Cisco Catalyst Express 500 Ethernet switch and need to add another switch to get a few more ports. Is it possible to stack a Catalyst Express 500 Ethernet switch with a non-Cisco Ethernet switch? If so, is there any Cisco documentation telling how to do this?

    If by stack, you mean connect the two switches via Ethernet ports, yes you should be able to do that. Depending on the port capabilities of the switches, and whether they have any special uplink ports, you might need to use a different Ethernet connecting cable (cross-over vs. straight thru).

  • Wireless 3850 and Web-Auth for Wireless clients

    Hi
    I can't get the web-auth feature to work properly on the Catalyst 3850 for wireless clients.
    Internet is all tested and there is full IP connectivity.
    Issue is when I enable the webauth feature on the SSID. Incidentally when I enable the SSID to use consent it works.
    I am using local authentication for the guest users.
    When user logs onto the wireless, they get to the landing page, and are able to enter the credentials then there is a 30 second pause. The client detail says WEBAUTH_PEND and then a pop up window comes back as seen below
    Config below
    interface Vlan302
    description **** Wireless Guest ****
    ip address 10.145.224.161 255.255.255.224
    ip helper-address 10.144.214.134
    ip helper-address 172.17.2.56
    ip http server
    ip http secure server
    ip dhcp snooping
    wlan XXXXX 2 XXXXXX
    aaa-override
    accounting-list default
    client vlan 302
    ip flow monitor wireless-avc-basic input
    ip flow monitor wireless-avc-basic output
    no security wpa
    no security wpa akm dot1x
    no security wpa wpa2
    no security wpa wpa2 ciphers aes
    security dot1x authentication-list WEB_AUTH
    security ft
    security web-auth
    security web-auth authentication-list WEB_AUTH
    security web-auth parameter-map vit_web
    no shutdown
    parameter-map type webauth vit_web
    type webauth
    security web-auth parameter-map vit_web
    user-name Guest1
    creation-time 1390837878
    privilege 15
    password 7 022D0156060F1B351D
    type network-user description Temp-Guest-User guest-user lifetime year 0 month 1 day 0 hour 0 minute 0 second 0
    user-name Guest2
    creation-time 1390838016
    privilege 15
    password 7 0724244143000D1145
    type network-user description Temp-Guest-User guest-user lifetime year 0 month 1 day 0 hour 0 minute 0 second 0
    aaa new-model
    aaa authentication login WEB_AUTH local
    aaa authorization network WEB_AUTH local

    Hey Greg,
    Did you also define the global webauth parameter? I think I had to do this to get my 5760 "working" or as working as these new controllers can be.
    parameter-map type webauth global
    type webauth
    virtual-ip ipv4 x.x.x.x wlc.whatever.org
    max-http-conns 50
    Also I had to enable http server in addition to secure server
    ip http server
    ip http secure-server
    Are you using a self signed cert?
    I saw windows clients take a long time to load the page when using a self signed cert.
    MAC clients don't seem to work if you use the IOS or OSX based logon. You'll need to disable the auto logon and launch a browser for the redirect. There was a bug ID around this MAC problem which was supposedly resolved in 3.3.1SE but I still have the problem.
    -Kyle

  • Web dynpro for ABAP serv - Switch to Another Personnel Number (Substitute)

    All,
    Is the service Switch to Another Personnel Number (Substitute), used to change the personnel number to create travel expenses, available in WDA? I could not find it.
    We are planning to use WDA services for travel management without installing the portal. As happens everywhere, travel assistants enter most of the travel data. We cannot use the WDA travel services if Switch to Another Personnel Number (Substitute) is not available in WDA.
    I am perplexed as to why just this one service is not available in WDA. Any ideas, gentlemen, before I raise this with SAP?

    Hello Sameer,
    Starting with ABAP Web Dynpro, the "Switch Personnel number" has been replaced by the POWL functionality. Please kindly check your Release Notes for this.
    Regards,
    Raynard

  • Web fonts for non-Roman languages

    The Add Web Fonts dialog in Muse makes it easy for me to find fonts for English and other languages that use the Roman writing system. I need to find fonts for Arabic, Chinese, Japanese, Korean, Russian and Thai, and possibly other systems too.
    Is there a way to search for such fonts, and to preview fonts in the language in which they will be used?

    No, because they're not available, I think. If live text doesn't matter to you, you can just use the fonts locally on your computer and Muse will generate a picture of the text area using that non-Roman font. Otherwise, if you know your way around code, you can just replace the fonts in the CSS. As for writing in Arabic, it'll probably have the same problem as writing in Hebrew, where Muse might align right but you can't set a text box to an RTL direction, which means that whatever you write in websafe fonts (if they even exist, I've no idea) will display in LTR direction, which you can go on and change later in CSS per text box. Another thing you might want to remember before writing in Arabic and selecting some very specific font is that since the text boxes turn to images you won't be able to change the direction later on, because it's no longer live text.
    hope it helps.

  • Using FCoE connection to non Cisco switches

    Hello,
    Does anyone know what port configuration needs to be configured on a Nexus switch that is connected to, say, a Brocade switch or any other vendor that supports FCoE? I have created the VLAN to VSAN mapping; I assume the next step is to create a vfc device? Since this is not a connection to an initiator or a target but to another FCoE capable switch, how do I need to configure this vfc? Any tips?
    Thanks

    Hi,
    Looks like from the document that you referenced that this switch runs in NPV mode for FCoE:
    FCoE features
    Fibre Channel over Ethernet (FCoE*)
    FIP & FCoE packets are all forwarded when DCB is configured
    * FCoE frames as defined by T11 Committee
    So, I would configure the Cisco Nexus switch for FCoE and NPIV
    Configure the Nexus 5000 for FCoE and NPIV
    There are several procedures that are required in order to configure the Nexus 5000 for FCoE and NPIV:
        Enable Feature FCoE
        Enable N Port Identifier Virtualization (NPIV) on the Nexus 5000
        Enable Nexus 5000 Quality of Service (QoS) for FCoE
        Enable Link Layer Discovery Protocol (LLDP)
        Configure VLAN
        Configure VSAN
        Map the VLAN to VSAN
    Example:
    feature lldp
    feature fcoe
    feature npiv
    interface vfc130
      bind interface Ethernet1/30
      switchport mode F
      no shutdown
    interface Ethernet1/30
      switchport mode trunk
      switchport trunk allowed vlan 1,100
      spanning-tree port type edge trunk
    vsan database
      vsan 100 interface vfc130
    vlan 100
      fcoe vsan 100
    Example of QOS:
     system qos
      service-policy type qos input fcoe-default-in-policy
      service-policy type queuing input fcoe-default-in-policy
      service-policy type queuing output fcoe-default-out-policy
      service-policy type network-qos fcoe-default-nq-policy
    Best regards,
    Jim

  • Looking for a Cisco Switch Metroethernet network

    Dear all,
    I am deploying a metro ethernet network in the city where my company operates.
    I am now thinking about my end customers' connectivity to my Metroethernet switches (Cisco ME3800 series switches).
    I am after these kind of switches :
    - 2 ports SFP
    - 6 or 8 Ports 10/100/1000
    -  Possibility to have Switches working in DC power
    - IOS software
    Can someone please advise ?

    ME 3600X has 24 ports copper and 2 SFP+ ports.
