Using IBNS 2.0 policy maps for differentiated authentication

Sending authentications to different RADIUS servers/deployments has been pretty easy for wireless controllers for a long time now. Configure the RADIUS servers and assign them per SSID/WLAN. This wasn’t always possible for wired users on the same switch. With IBNS 2.0, we can now utilize policy maps to configure each port to send the authentication to a different RADIUS server deployment.

Cisco 3850 fails to send dot1x authentications after Denali upgrade

This isn’t a Cisco ISE bug but it could affect ISE deployments. A customer had recently deployed several Cisco 3850s with Multigigabit at their headquarters. Initially, the switches were deployed with IOS XE 3.7.5. We tested the Cisco ISE configuration on those switches (Monitor Mode) and everything worked properly. The customer was able to authenticate…

DHCP snooping and port channels

DHCP snooping is critical when using device sensors built into the switch for profiling with Cisco ISE. Setting up DHCP snooping allows the switch to collect DHCP information on endpoints which can then be forwarded to ISE in RADIUS accounting packets. DHCP snooping also allows you to configure the switch to only allow DHCP from…