pfSense admin authentication using Cisco ISE
This post covers the configuration of Cisco ISE as the RADIUS external identity source for administrative logins.
Continue readingCategory: Cisco ISE
ISE 3.1 and Zero Touch Provisioning
Cisco ISE 3.1 added a new feature called Zero Touch Provisioning (ZTP). Not only does it allow you to create a configuration file in which the ISE node can be configured (IP, hostname, DNS, etc.) it can also automatically install any hot fixes or patches immediately after it is set up.
Continue readingGuest access and randomized MAC addresses
With randomized MAC addresses becoming more of the norm for mobile devices, it’s time to think about how you handle guest access. The main configuration I’ve seen is authenticating the connection, adding the MAC address
Continue readingUsing TEAP for EAP Chaining
Authenticate user and machine certificates at the same time (EAP chaining) without using the AnyConnect NAM.
Continue readingUsing iPSK Manager with ISE for BYOD
Using the iPSK Manager for Cisco ISE for provisioning wireless BYOD and IoT device access.
Continue readingAuthenticating Meraki VPN using Cisco ISE
Configuring Cisco ISE and Meraki MX VPN for client authentications.
Continue readingAnyConnect ISE posture module discovery host and call home list
Taking a look at the discovery host and call home list settings in the AnyConnect ISE posture module configuration.
Continue reading802.1x guest users created via Sponsor Portal
Instead of using a Network Access Users account, we are going to create guest accounts via the sponsor portal that are allowed to authenticate using 802.1x.
Continue readingYou need a second ISE node CLI admin account
It’s a scenario I’ve seen pretty often. You try to log into the CLI of an ISE node (SSH or console) with the admin account and the login fails. You verify that the password is
Continue readingNew IBNS 2.0 switch template
After a long delay, I finally finished configuring and testing a new IBNS 2.0 template. A link can be found on my NAD template page. There aren’t a lot of changes between this template and my original C3PL template.
Continue reading