MS Peap,XP SP1,Non Cisco Card, ACS 3.2,Ap1200
Hi,
I am trying to set up MS Peap with the required hardware. I have read through the document ID:43486. In this, the software they use to test for AP1200 was 12.01T.
My query is that I am running 12.2(13)JA3 the latest and greatest on Ap1200. Will it work for Peap or I can only setup Peap with the 12.01T.
Can you please recommend any documentation. Since a month I am trying to get it working.
Hardware:
ACS 3.2
Linksys Wireless Card
Xp Sp1
Regards
Khaleefa Mahmood
Yes, 13JA3 works with PEAP just fine.
Similar Messages
-
Yet another PEAP question...non-Cisco cards...
So, we are about to embark on building a wireless network infrastructure using 1220 AP's. So far all wireless clients use Cisco cards and Win2k.
People are interested in all sorts of wireless devices now, some including built in wireless nics or no pci or pcmcia card slots.
We have ACS 3.1.1. Can we use PEAP in our situation with a client using say a Compaq tablet PC with an integrated NIC? Or, how about a desktop PC running Win2k using something other than a Cisco card? If so, what are the required pieces? PEAP supplicants? etc?
Thanks!Hi ,
In short answer is
a) If ACS supports eap-chap ( which microsoft supports ) , you can use
non cisco card with microsoft supplicant and will work fine
I believe acs 3.2 will support is , I am not sure on acs3.1.1
b) You can buy 3rd party supplicant like meeting house etc and can use
non cisco card
http://www.cisco.com/warp/public/779/smbiz/wireless/wlan_security.shtml
http://www.cisco.com/en/US/partner/products/hw/wireless/ps458/prod_bulletin09186a0080100194.html
http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/products_qanda_item09186a008010018c.shtml
PEAP is hybrid process ( combination of leap and eap tls )
To download server side certificate on ACS you can use eap tls doc.
Depending on AP use either of following doc
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i1224ja/i1224icg/ivicgaut.htm
You have to careful while selecting the client supplicant , you can choose Cisco peap supplicant or Microsoft peap supplicant
You can have Microsoft peap supplicant or Cisco Peap supplicant .
If you have windows 2000 OS , than if you load service pack3 , Microsoft peap supplicant is installed . On top of this if you install ACU 5.05 microsoft supplicant wil be overwritten by Cisco supplicant .
In case of XP , if you install service pack 1 , it will install microsoft peap supplicant , if you install ACU 5.05 it will be overwriteen by Cisco Peap supplicant .
Microsoft peap supplicant send eap-Chap in EAP tunnel and Cisco support EAP-GTC in eap tunnel .
with non cisco card it depends on which radius server and database you are running .
At present ACS 3.1 supports EAP-GTC so it will not interoperate with Microsoft supllicant . In later release ACS will have support for EAP-Chap so
that you can use 3rd party card with Microsoft supplicant and ACS3.2
http://www.cisco.com/warp/public/779/smbiz/wireless/wlan_security.shtml
http://www.cisco.com/en/US/products/hw/wireless
Nilesh -
Is "client power management" understood by non-Cisco cards?
I would like to tailor the "power client" IOS command to instruct WiFi adapters to limit their max transmiting power.
Will this be understood by non-cisco cards? In other words: is this a standard 802.11 power management command?
I am a little bit confused, because the documentation says that in order to use this command, "Aironet extensions" must be enabled....What you are describing is often referred to as DTPC (Dynamic power control or Dynamic transmit power control). The following link shows the syntax for it. It only works with clients that support DTPC. This is a capability of clients that support CCX (v4 I believe). Most modern client adapters support CCX, as long as you are using their client software (such as ProSet for Intel). If you tell us what cards you have I can try to find if they support CCX and DTPC.
http://cio.cisco.com/en/US/products/hw/wireless/ps430/products_configuration_guide_chapter09186a0080606d4a.html#wp1034946
- Eric -
What Non-Cisco Cards or Built-in Cards work with LEAP?
I have just installed ACS and LEAP and have several Laptops in my office that have built in Wireless NIC's. I have read many posts that say this one or that one works with the right drivers, but none that list all the one's that will work with LEAP. Thanks for any assistance you can give.
David Beaverhttp://www.cisco.com/en/US/partners/pr46/pr147/partners_pgm_partners_0900aecd800a7907.html
Cisco Compatible wireless clients will feature the Cisco Wireless Security Suite, which includes the Cisco EAP (LEAP) 802.1X authentication type. Customers can implement the award-winning Cisco security solution across Cisco clients and those of other suppliers. The program provides complete support for Cisco VLANs, providing benefits such as flexible security schemes in a mixed client environment and optimized performance in Cisco VLAN deployments. And because Cisco Compatible wireless clients are IEEE 802.11 compliant and Wi-Fi certified, they are fully compatible with other Wi-Fi certified products. -
We currently own several Cisco aironet cards which we do site survey's with. As a company standard our laptops were replaced with new laptops which did not include type II pcmcia slots. Is their a solution for the express 34/54 slots to work with the Cisco aironet site survey software?
I have seen PCMCIA to USB adapters but I think they need to be cutom made for each type of PCMCIA card. Does anyone know of a suitable adapter?
-
EAP-TLS witch Cisco Secure ACS
Hi everyone,
we have implemented wpa/leap in our WLAN. We would use certificates for machine authentication. There is a Cisco Secure ACS Server 3.3 installed.
Is it possible to use the ACS self generated certificate without a CA ?
The examples I found on the web describes only the configuration with CSACS with Microsoft CA.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a6b.html
We use Cisco AP1231/AP1232 with 12.3.4JA.
I think for machine authentication we have to install a CA. Let me know, how you think about that issue.
ArminThere are no much options on Client side: MS PEAP, EAP-TLS, EAP-MD5. ACS version 3.3 can generate self-signed certificate (for itself) without the need to install separate CA server. So I'd recommend you to use MS PEAP (PEAP MS-CHAPv2) with self-signed certificate on ACS.
-
Patch rollup for Cisco Secure ACS 4.2 fails.
I've got 2 freshly installed ACS 4.2 for Windows servers and I need to apply the latest patch rollup before I build the configurations. I stopped the ACS services and ran Acs-4.2.0.124.15-SW.exe to install the patches. The application begins running fine but fails on upgrading the database and then none of the ACS services would start. I was able to restore the files from the backup that runs with the patch utility and get ACS functioning again. What am I missing - does the patch rollup require any specific Microsoft Patches to be installed or something like that?
ThanksThanks for the feedback. I attempted the patch rollup install again and it failed in the same place - on the database upgrade. I did think of one thing. Do I need to have my antivirus/protection services disabled prior to installing the rollup?
Also my versions are as follows:
Server OS - Windows Server 2003 R2
Cisco Secure ACS - 4.2.(0) Build 124
Thanks,
Richard Jaehne -
Integration problem between Cisco Seure ACS 4.2 with LDAP
Hi expert,
I have a problem with the integration between Cisco Secure ACS 4.2 with SUN Java System Directory (LDAP). During the integration, I noticed that user failed to authenticate against LDAP via Cisco Secure ACS. The error message is "Authentication Type is not supported by external DB". In this case the "external DB" refer to LDAP. Anyone of you having an experience on integration on both product before? Can any of you give me some pointers about this. Attached are both screen capture on my ACS server.
Thanks very much,
DanielHi,
Thanks for the compatibility chart. Oh dear ..., it seems that the LDAP does not supports PEAP (EAP-MS CHAPv2) at all. Am not sure if the latest LDAP (particularly for SUN Java System Directory) able to support this authentication protocol.
Just to clarify with you all just in case if you wonder what I'm trying to do; our company wants to implement 802.1x over the network. So, every staff on the network must authenticated before able to access the network resources. Our Linksys switches supports this standard including Cisco switches of course. Our RADIUS server is Cisco Secure ACS 4.2 but all those users information including username and passwords are stored in our directory server (LDAP) which is SUN Java System Directory.
Since most of our staff machines are running on XP and Vista, the only available authentication method (beside certificate based) is PEAP (EAP-MSCHAPv2). Based on the compatibility chart, the generic LDAP does not supports this authentication protocol as what we noted the "authentication type not supported by external database" error message in the ACS logs.
From what I learned that the latest LDAP (version 3.0?) able to support this authentication protocol, but yet to be confirmed on my further research.
So... Anyone can advice me on this matter? Thanks very much ! -
Reimage cisco 1113 ACS - NIC driver
HI,
I tried to re-image a cisco 1113 ACS appliance into windows 2003 and was successful. I suppose to use this for my staging/LAB.My only problem is the NIC cards shows unknown since no appropraite driver was found. Googled for a few days but ends up nothing. Does anybody knows the exact driver? Appreciate anybody's reply.
Thanks.Just for everybody's info.
I manage to download the NIC driver. It is a Generic Broadcom NetXtreme Gigabit Ethernet.
Now it is working fine. -
Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory
Hello,
Does anyone have a successful authentication debug using cisco 1113 acs 4.2 and Active Directory? I'm not having success in setting this up and would like to see what a successful authentication debug looks. Below is my current situation:
Oct 6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:23: TPLUS: processing authentication start request id 444
Oct 6 13:52:23: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:23: TPLUS: Using server 110.34.5.143
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
Oct 6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:23: T+: user:
Oct 6 13:52:23: T+: port: tty515
Oct 6 13:52:23: T+: rem_addr: 10.10.10.10
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
Oct 6 13:52:23: T+: msg: Username:
Oct 6 13:52:23: T+: data:
Oct 6 13:52:23: T+: End Packet
Oct 6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:23: TPLUS: Received authen response status GET_USER (7)
Oct 6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:30: TPLUS: processing authentication continue request id 444
Oct 6 13:52:30: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
Oct 6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
Oct 6 13:52:30: T+: User msg: <elided>
Oct 6 13:52:30: T+: User data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
Oct 6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
Oct 6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
Oct 6 13:52:30: T+: msg: Password:
Oct 6 13:52:30: T+: data:
Oct 6 13:52:30: T+: End Packet
Oct 6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
Oct 6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:37: TPLUS: processing authentication continue request id 444
Oct 6 13:52:37: TPLUS: Authentication continue packet generated for 444
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
Oct 6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
Oct 6 13:52:37: T+: User msg: <elided>
Oct 6 13:52:37: T+: User data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
Oct 6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
Oct 6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
Oct 6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
Oct 6 13:52:37: T+: msg: Error during authentication
Oct 6 13:52:37: T+: data:
Oct 6 13:52:37: T+: End Packet
Oct 6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:37: TPLUS: Received Authen status error
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
Oct 6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
Oct 6 13:52:37: TPLUS: Choosing next server 101.34.5.143
Oct 6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
Oct 6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
Oct 6 13:52:49: TPLUS: processing authentication start request id 444
Oct 6 13:52:49: TPLUS: Authentication start packet created for 444()
Oct 6 13:52:49: TPLUS: Using server 172.24.5.143
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
Oct 6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
Oct 6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
Oct 6 13:52:49: T+: user:
Oct 6 13:52:49: T+: port: tty515
Oct 6 13:52:49: T+: rem_addr: 10.10.10.10
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
Oct 6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
Oct 6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
Oct 6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
Oct 6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
Oct 6 13:52:49: T+: msg: 0x0A User Access Verification 0x0A 0x0A Username:
Oct 6 13:52:49: T+: data:
Oct 6 13:52:49: T+: End Packet
Oct 6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
Oct 6 13:52:49: TPLUS: Received authen response status GET_USER (7)
The 1113 acs failed reports shows:
External DB is not operational
thanks,
jamesHi James,
We get External DB is not operational. Could you confirm if under External Databases > Unknown User Policy, and verify you have the AD/ Windows database at the top?
this error means the external server might not correctly configured on ACS external database section.
Another point is to make sure we have remote agent installed on supported windows server.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
Also provide the Auth logs from the server running remote agent, e.g.:-
AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]:
Attempting Windows authentication for user v-michal
AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows
authentication FAILED (error 1783L)
thanks,
Vinay -
With Cisco Secure ACS For Windows TACACS+, authentication fails with AD
I am setting up a Cisco Secure ACS 4.2 server to act as a TACACS server for Switches and Routers I am using Windows 2003 server for the ACS,
and a Windows 2003 Active Directory server. The AD server is fine, as it is used for many other things.
I have set up ACS as defined nit he installation guide, including all the steps in the 'Member Server' section of the install guide
when using AD as an external database (i.e. setting up the services to run with a domain admin account, setting up a machine called 'CISCO'
on the domain etc).
I've set the unknown user policy to use the Windows database if the internal database doesn;t contain the user details.
If I add a user to the internal database, the authentication goes through fine, with an entry in the 'Passed Authentications' log,
02/24/2010,05:07:03,Authen failed,eXXXX,Network Administrators(NDG) ,X.X.X.X,(Default),Internal error,,(geting error message as INternal Error)
I've scoured google etc, and just cannot come up with any reason why this should be happening.
I've followed all the install guides to the letter. I need to get this up and running as soon as possible,
so am looking forward to finding out if anyone can help me with this one!
THanks and regards
SharanHi Jesse,
Thasts a great answer and Soution.
My previous version was 4.2 and it was installed on 64 bit machine hence getting internal Error.
After this answer i have upgraded it to ACS4.2.1 and its started working fine
Thanks very much for the help
Dipu -
Setting privileges in Cisco Secure ACS Version 5.1.0.44
I am setting privileges in Cisco Secure ACS Version 5.1.0.44.
In the command sets from the ACS server, I denied few commands as can be seen in the attached screenshot and selected 'Permit any command that is not in the table below'.
I am unable to see some commands like "Show running-configuration" from the router I was testing. What changes should I do to see all the commands other than the denied commands. Your help will be rated. Thank you.Hi,
The ACS is able to handle permit or deny commands.
I created a configuration example that will help you to understand command shell.(see attach doc)
Instead of using show running-config please use show config.
also make sure that all the users are using privilege 15.
Regards, -
Non CISCO unknown devices are being discovered in LMS
Hi!
I have had no problem with discovery which was used on cdp basis so far.
Now the CDP packets do not arrive via new MPLS backbone network. I have to use the "ping sweep feature in IP range" feature. I had to enter more than 400 subnet from file before there are more than 400 branches. ( etc. 10.31-9.1-50.252 255.255.255.252 )
I have experienced two problems
1. The discovery never end ( now this is not important ) :-)
2. The common services -- device management shows discovered unknown devices whose ip addresses out side the range what are entered by me in the ping sweep range and theirs OID is not CISCO.
( 1.3.6.1.4.1.2001.1.1.1.1 , 1.3.6.1.4.1.11.2.3.9.1 , 1.3.6.1.4.1.674.10892.2 , 1.3.6.1.4.1.18334.1.1.1.2.1.7.1.2 and even more )
Due to more than 300 unknown devices the LMS device number is beyond the license number!!!!!
Our questions.
Why does lms add the unknown devices ( non cisco devices ) to the inventory ?
How could lms discover these devices ??? ) ( theirs IP are out of ping sweep range and non cdp capable devices )
Thanks in advance!Thank you!
The unknown devices were in unreachable state and they were added to DCR.
I don't use include or exclude filter what were referred by bug.
In spite of i use seed device list from file the LMS ping sweep debug log shows that LMS try to ping other IP addresses!!!!
You're right, it is not normally operation may be TAC will be needed to solve it.
( whether who tested it ?)
Regards, -
Using 802.1X and non-Cisco IP Phones
Hi there,
Having some questions about an 802.1x/non-Cisco ip phone setup and was hoping to find some answers/user-experience with this setup.
Main questions i'm facing:
1) When using non-Cisco ip phones (eg Nortel or Siemens) and a previous authorized client connected behind this ip phone gets disconnected. What will this action do with the authorized state of 802.1X on the switch port? WIll it stay authorized until the reauth timer expires or does it reject communication from any other device?
2) What about EAPOL-Logoff messages from the ip phone to the switch. Are these only used by Cisco phones when they experience a link-status change on data ports?
Thanks for sharing your thoughtsOverall, you need to try and deal with the fact that a machine can disappear from the network and the network may not know about it directly (i.e. Link doesn't go down).
I have no idea what other phones do, but Cisco phones send an EAPOL-Logoff when something is unplugged. This lets the switch know directly, and 1X session start is torn down immediately, closing what would be a security hole.
Fundamentally, re-auth is a workaround only, and this is not the reason to enable re-auth to begin with.
If your phone doesn't send an EAPOL-Logoff in this case, the switch might be left thinking an attack is underway when someone else tries to plug in (with presumably a different MAC). You do NOT want this to occur.
Hope this helps, -
ISE web auth for non-cisco switch(D-link 3528)
Is it possible to use ISE(inline posture node) to redirect the wired users to ISE guest portal ?
And the wired users will get full network access after they pass the web auth.you can use ISE ln-line posture node with 3rd part switches
RADIUS access device must supply the following RADIUS attributes:
Calling-Station-Id (for MAC_ADDRESS)
User-Name
NAS-Port-Type
RADIUS accounting message must have the Framed-IP-Address attribute
VLAN, DACL features can be used but again it depends on switch models let us know specific switch models . Certain advanced use cases, such as those that involve posture assessment, profiling, and web authentication, are not consistently available with non-Cisco devices or may provide limited functionality,
Maybe you are looking for
-
i have over 700 songs in my i tunes which are from 2 different emails --- when i go to sync my music it will only sync 60 songs. how can I get it to sync all my songs. I now have a different email that my ipod is under. does that make difference? I d
-
I have had 3 trade ins recently where I did not receive my GCU 10% bonus or any of my reward zone points. I have been told my GCU has expired or been assured the 10% bonus does not apply. It is such a pain to do trade ins in store with employees who
-
Hi, Im using GB3 & some Bheringer monitors & a line 6 tone port interface as sound card / guitar simulator. getting a good monitoring level is difficult,( guitar not as loud as track) i was told to have monitor off in GB, but having it on seems to bo
-
Oracle OVM 3.1.1 with Cisco 4948 - link aggregation ?
I have two Dell R710's in a lab that I am attempting to create a 2 node OVM cluster. I am specifically looking for assistance with the Cisco etherchannel setup and OVM bonding on the interfaces. I have configured bonding with Cisco and VMWare many ti
-
Unable to add "SendGrid" app service with 6-Month Plan (Prepaid)
Hi, I'm unable to add "SendGrid" app service from my account. I was signing up free plan of "sendgrid" account with "SouthEast Asia" region. And I was using Azure account with 6-Month Plan(prepaid). The error message as following: We cannot provide