Re: [WIRELESS-LAN] ISE-NPS-Azure MFA

2021-08-26 Thread Heavrin, Lynn
You can separate the authentication and the authorization if you want to use ISE for controlling authorization. If your VPN solution is Cisco, the ASA can talk directly to Azure via SAML and then send authorization requests separately to ISE. For Duo, you can set up a Duo Proxy via ISE and

Re: PEAP Username format in Domain Joined machines

2021-07-27 Thread Heavrin, Lynn
Domain Joined machines I would not recommend that as the device will not be routable on eduroam outside your campus. From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Heavrin, Lynn Date: Tuesday, July 27, 2021 at 11:41 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subje

Re: PEAP Username format in Domain Joined machines

2021-07-27 Thread Heavrin, Lynn
Depending on your RADIUS server you could rewrite the identity to whatever you want. Some are more granular than others with what all you can do. From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Tim Cappalli <0194c9ecac40-dmarc-requ...@listserv.educause.edu> Date:

Re: [WIRELESS-LAN] ISE Dynamic VLAN redirect with single eduroam WLAN

2021-07-08 Thread Heavrin, Lynn
WLAN Out of curiosity how would you handle someone that has dual appointments such as a student that is also an employee? -Jimmy On Wed, Jul 7, 2021 at 7:19 PM Heavrin, Lynn <lheav...@wustl.edu> wrote: Feel free to reach out. We’re running 2.7 patch 3 with 8540s. We assign users t

Re: [WIRELESS-LAN] ISE Dynamic VLAN redirect with single eduroam WLAN

2021-07-07 Thread Heavrin, Lynn
Feel free to reach out. We’re running 2.7 patch 3 with 8540s. We assign users to vlans for some things, but we also like actually using ISE assigned interface groups instead that contain multiple interfaces/vlans for more scalability. Thanks, Lynn Heavrin Network Engineer III | Network

Re: [WIRELESS-LAN] Eap-tls user experience

2021-06-20 Thread Heavrin, Lynn
In my experience it tried to connect then the user is greeted with a retry or close option if it didn’t succeed. You can always create a new package just for remote users that won’t try to auto-connect if you are concerned about it. At the bottom of the profile when you edit it, you can just

Forcing Client Cert Selection in Windows for EAP-TLS

2021-05-14 Thread Heavrin, Lynn
Has anyone used EAP-TLS where a Windows device has multiple client certs loaded in the personal store? Is there a way to force it via GPO to choose one cert over the other to use for authentication? The user certs from ADCS don’t always contain a private key in the personal store except on

Re: [WIRELESS-LAN] ISE CERT Renewal

2021-04-20 Thread Heavrin, Lynn
My memory is a little foggy but I believe last time I imported a certificate with a private key that was the same as an old cert, it overwrote the old one. It pops up a warning saying that the private key exists already but then lets you continue. Generally I just make a new one with a new

Re: [WIRELESS-LAN] ISE version

2020-12-10 Thread Heavrin, Lynn
Wait for 2.7 patch 3 at least. There’s a few major bugs that are being fixed. It’s “supposed” to be released in December…but we’re 10 days in already and nothing so far. From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Craig Eyre Reply-To: The EDUCAUSE Wireless

Re: [WIRELESS-LAN] [External] Re: [WIRELESS-LAN] NAC/authentication implementations

2020-04-13 Thread Heavrin, Lynn
ity Group Listserv on behalf of Heavrin, Lynn Sent: Monday, April 13, 2020 10:42 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [External] Re: [WIRELESS-LAN] NAC/authentication implementations We aren’t doing eap-tls other than our lab testing right now but talking to multiple other

Re: [WIRELESS-LAN] NAC/authentication implementations

2020-04-13 Thread Heavrin, Lynn
We aren’t doing eap-tls other than our lab testing right now but talking to multiple other universities, we decided to go with SecureW2 to do the certificate creation and BYOD onboarding. It works great so far in our testing and we plan to use it on our wired NAC. There’s the option to use

[WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2

2020-02-06 Thread Heavrin, Lynn
We’re planning to migrate our PEAP MSCHAPv2 wifi to EAP-TLS. At the recommendation of a couple big universities we talked with, we are looking at using SecureW2. We have demoed it and it works great provisioning the clients and enrolling user certificates to their cloud PKI. After bringing

Re: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-10 Thread Heavrin, Lynn
on (to get rid of that stupid flash) when we have a new maintenance window. From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Heavrin, Lynn Sent: Wednesday, October 9, 2019 22:23 To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] WLC & ISE combo issues

Re: [WIRELESS-LAN] WLC & ISE combo issues

2019-10-09 Thread Heavrin, Lynn
We have the same 5441 messages and we are on 8.5.135.0 and ISE 2.2 patch 12. I don’t have any evidence it’s service impacting but it is annoying. You need to upgrade from patch 5 to address some serious bug and vulnerabilities. Patch 15 is out. We also get the 5441 messages on our VPN