|
|
1
« Last post by MC on October 31, 2021, 09:40:53 PM »
Hi Aris, Assuming you have two 9500, you should be able to remove one and add a 9600. Keep in mind the IP for transit /30 VLAN to fusion router may change unless the latest version of DNAC allows you to specify it somehow so be prepared to update config on the fusion device, both interface IP and BGP. Once you get one 9600 running, repeat the same step on the other 9500. The other option is to add the 9600 as stackwise virtual and follow same process. If you find a better approach, please share experience and feedback.
2
« Last post by aris on October 05, 2021, 10:47:05 PM »
Hello all,
I was wondering how difficult is to migrate a 9500 border node to a 9600 when the SDA fabric is up and running. Can they run in parallel and once the physical connections are moved to the new switch the old one can be decommitted.
Thank you.
3
You can certainly use RADIUS probe only for profiling by not enabling SNMP poll or configure IP helper but ISE may not have enough information to accurately identify the device. Enabling device-sensor will collect CDP/DHCP info unless a filter is configured. Here is more info You are not allowed to view links.
Register or Login
4
I am trying to build a Cat3850 as a device sensor and want to use radius only with ISE to both profile and authenticate... is this possible. I don't want CDP, add my ISE through ip helper or enable SNMP... Can ISE be configured without this additional means. I am in a high security area and don't want this integration between the NAD and the ISE
5
« Last post by MC on January 10, 2021, 03:25:08 PM »
Depending on is rules condition is available, you might be able to allow limited AD access when this happens so user can only change password, otherwise, user may need to change password using other OOB method.
6
« Last post by MC on January 10, 2021, 03:22:18 PM »
I am not aware of any limitation and can't see why it wouldn't work. FTD in the cluster should collaborate multicast forwarding although there may be differences depending if you do L2 or L3 load distribution between FTD in cluster.
7
« Last post by samyasa on January 06, 2021, 02:51:30 AM »
Hi
what is the mose that you are using in the switch port (closed mode , Open Mode )?
8
« Last post by samyasa on January 06, 2021, 02:48:36 AM »
Hi
kindly I need to know how the FTD cluster will handle Multicast traffic?
if we have an example to be flow in the configuration
we have a cluster of 6 modules X 2 9300 chasses
thanks
10
Hello Friends,
I am trying to solve a problem here with EAP Chaining. I have configured Machine authentication via Cert and User Authentication via MSCHAPv2. Created Authorization profiles for Machine and User and then Attached that to respective Policy for Machine Auth and User Auth.
Everything works as expected on the when the computer boots up and join the network for the first time. It hits the right Machine Authentication policy followed by right User Authentication.
Here is the problem, if the port is bounced or if user disconnects and reconnects to the network, Authorization will fail. I am using PACs and not sure why this would happen.
Any suggestions or help folks ??
|
Recent Posts