ISE 1.4 and Apple 'captive Network Assistant"causing problems

I'm testing ISE 1.4 with 10.10.2/Safari 8.0.3 MAC and the boring revised downward Safari AKA "Captive Network Assistant" gets in the way.  I wonder what other people did to work around.

According to the compatibility of network component Cisco ISE v1.4 Safari I must be compatible, in captivity Network Assistant says that this isn't, but I suspect its because the computer MAC laptop try to validate with ~ 200 areas (so I hear for this).  My ISE/WLC have a DACL that allows certain IP addresses before finishing the AuthC/Z, and obviously I can't put in the DACL for all 200 of these areas.  My ISE is configured with trustsec model where I have two SSID, a first on the front-end to detect if Anyconnect 4.x is installed and if it is not then redirect to a portal.  Fails it MAC peripheral security check cause... or should I say will not display it. cause Apple Network Assistant captive.

I know I can disable the captive Network Wizard by renaming the file, but it will probably not an acceptable solution in my environment for political reasons.  I wonder what others have done to bypass this annoying problem.  Maybe something with a DNS record or something...

Thank you

e-

Common recommendation is to deceive the apple devices to think he has access to the internet by running this command on the command-line of your WLC:

config network web-auth captive-bypass enable

Tags: Cisco Security

Similar Questions

  • AVG Internet Security and AVG PC Tuneup will cause problems after upgarding to Windows 10?

    Original title: AVG vs 10 widows

    I used AVG Internet Security 2015 and AVG PC Tuneup 2015.  They will create no problem if I install Windows 10 as a replacement for Windows 7 Home Edition? wouldn't be better to remove them?

    If you look at the AVG support community there is not a lot of issues with AVG and Windows 10 products and the few that you can read on are resolved quickly - usually with an AVG uninstall and reinstall (especially after the migration of the BONE).

    If you are migrating your Windows 7 to Windows 10 I think I would uninstall all AVG products if they don't get in the way, completed the transition from OS and then reinstall AVG products from scratch on Windows 10.  Some problems of AVG support are usually solved with uninstall/reinstall anyway.

    From the looks of the circulation in this Windows 7 community, you're more likely to have questions Windows 7 migration to Windows 10 (or try to go back) with AVG.

  • iPad, Safari froze and was told that I had to call apple for support assistance.

    My iPad Safari froze and was told that I had to call apple for support assistance.  I called and gave the last four digits of my serial number of the iPad.  They wanted me to download app and pay money, but it felt weird, so I hung up. Am I or my systems compromised in any way by calling and giving the serial number or hang up in time that nothing should be affected?

    Do this...

    Tap Settings > Safari and then slide down and tap clear history & data website, then reboot your iPad.

    The number they gave you is not Apple.

    Never give any personal data abroad on the net, including serial numbers.

  • I have House part for my iPhone and apple TV, but the iPhone libraries are not listed under computers on Apple TV.  I don't see libraries for my Mac.  I use the same ID across the three devices apple

    I have House part for my iPhone and apple TV, but the iPhone libraries are not listed under computers on Apple TV.  I don't see libraries for my Mac.  I use the same identifier apple through the three devices. I have an iPhone 6 more working 9.0. The devices are all on the same home network running.

    You can't share a library that is located on an iPhone, iPod or iPad with other devices. You can only share a library that is located on a Mac or a PC with other devices. On other devices, iPhone, iPod and iPad for example, you then activate home sharing to connect to the shared library.

  • I want to put gmail in icloud and apple ID

    I want to put gmail * identifying apple and icloud

    Howdy there RossN,

    Looks like you want to change your Apple ID email to Gmail account address, or you want to add as another rescue email address. If you want to change your Apple ID email to this email address, use this link:

    Change your Apple - Apple Support ID

    If you want to add to your account with an additional email address to use this article:

    On your Apple ID email addresses - Apple Support

    Additional e-mail addresses

    Many of us have more than one email address that use friends and family to join us. Add an e-mail address that you frequently use your Apple ID account, so people can easily find and communicate with you about services such as FaceTime Apple, iMessage, Game Center, and find my friends.

    To add an additional email address, follow these steps:

    1. Sign in to your Apple ID account page.
    2. Click on change in section account.
    3. Under available to, select Add a new email address.
    4. Enter your additional e-mail address, and we will send you a check to this address. Did not get the email?
    5. Enter the verification code and then click on check.

    If you want to remove one of your additional e-mail addresses, click on next to the address.

    If you try to set it up as an e-mail address for emergency use this section of the same article:

    Rescue email address

    Have an alternate email address is optional but recommended. If you've forgotten your security issues, you can use your rescue Reset e-mail address. If you don't have an alternate email address, you should contact Apple Support for assistance. We will also send notifications related to the security of account to your e-mail address of relief.

    Follow these steps to add or change an alternate e-mail address:

    1. Sign in to your Apple ID account page.
    2. Click on edit in the Security section. You may be asked to answer one or more security issues before you continue.
    3. If you want to add an alternate e-mail address:
      • Under rescue Email, click Add an E-mail address, and then enter your email address of relief. We will send you a check to this address. Did not get the email?

      • Enter the verification code and then click on check.
    4. If you want to change an alternate e-mail address:
      • Select change E-mail address under the address you want to change, and then enter the new address. We will send you a check to this address. Did not get the email?

      • Enter the verification code and then click on check.
    5. If you want to remove an alternate e-mail address, click on next to the address.

    If you use two-factor authenticationor two-step verification , you have a notification e-mail address, not an alternate email address. With two factors and validation in a two-step authentication, you don't need a rescue address. You can also use these steps to add or change your notification e-mail address.

    Thank you for using communities of Apple Support.

  • In the Windows Installer box - insert Dell network Assistance

    original title: Windows Installer box.

    Windows Installer box - message says:

    "The feature you are trying to use is on a CD-ROM or another removable disk that is not available.  Insert the disc "Dell network Assistance.

    I don't know which disk i.e. - any ideas.

    Occurs when I try to open MS Word or something in the office.

    WORKED FINE YESTERDAY

    Help

    Hello

    ·         This only happens when you use Office applications?

    Try to reinstall network of Dell since the Dell software came with the computer and check if this is useful.

    Hope this information is useful.

    Amrita M

    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Cisco Network Assistant

    Hello

    Anyone know how really peripheral can be added in the community and manage through CNS version 6? I read on the website of cisco that Cisco Network Assistant can support up to 40 aircraft in the community, I don't know if it was for the previous ANC 5.0 version as shown in the link http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/network-assistant/product_data_sheet0900aecd8068820a.html for switches 40 or less while watching in the version 6.1 of the ANC data sheet , he also mentions the community limiting to 40 devices while the following link http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/network-assistant/datasheet-c78-730210.html shows that for switches 40 or less. Will be looking forward to seeing the answers.

    Thank you

    Waydee

    Hi Waydee

    Please refer to the for Cisco Network Assistant Release Notes 6.0 and later versions , where you can find all of the changes. In summary the community limits are same (max 40) compared to the old version (5) of the CNA.

  • Cisco Network Assistant 5.5

    I downloaded Cisco Network Assistant 5.5, every time when I try to run I get the error message "can't creat Java virtual Machine"any idea how to solve this problem? ".

    I  downloaded Cisco Network Assistant 5.5, everytime when I try to run I get error message "Could not creat Java virtual Machine' any idea how to solve this?

    To work around this problem, open the file C:\Program Cisco Systems\CiscoSMB\Cisco network Assistant\startup\startup.properties (the default installation path) and modify this entry:

    JVM_MAXIMUM_HEAP = 1024 m

    Replace 1 024 m with a bass that does not exceed the available RAM. There is no way to predict what value will work. Try 512m and drops even if necessary. You can use the dial peer tag range 2500 to 2999 out-of-band to set your own dial peers.

    Go to the link for more information below

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_network_assistant/version5_0/release/notes/OL12210a.html

    Hope to help!

    Ganesh.H

    Don't forget to note the useful message

  • ISE with WLC AND switches

    Hello

    We run 3xWLC controller with 800 AP using ISE 1.2 for authentication wireless 802. 1 x. I was looking in the config of the ISE and notice of 400 edge cheating only 2x2960s are configured with 802. 1 x (ISE RADIUS config) and SNMP and only 2 of the port is 2 ap tie with swtich remaining ports.and the 3XWLC in network devices.

    I do not understand how an access point is to do this work (802.1 x) because it is location on different site and people are connecting to various different locations. ISE almost run/do 11 876 profiled ends.

    version 12.2
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$ fokm$ lesIWAaceFFs.SpNdJi7t.
    !
    Test-RADIUS username password 7 07233544471A1C5445415F
    AAA new-model
    Group AAA dot1x default authentication RADIUS
    Group AAA authorization network default RADIUS
    Group AAA authorization auth-proxy default RADIUS
    start-stop radius group AAA accounting dot1x default
    start-stop radius group AAA accounting system by default
    !
    !
    !
    !
    AAA server RADIUS Dynamics-author
    Client 10.178.5.152 server-key 7 151E1F040D392E
    Client 10.178.5.153 server-key 7 060A1B29455D0C
    !
    AAA - the id of the joint session
    switch 1 supply ws-c2960s-48 i/s-l
    cooldown critical authentication 1000
    !
    !
    IP dhcp snooping vlan 29,320,401
    no ip dhcp snooping option information
    IP dhcp snooping
    no ip domain-lookup
    analysis of IP device
    !
    logging of the EMP
    !
    Crypto pki trustpoint TP-self-signed-364377856
    enrollment selfsigned
    name of the object cn = IOS - Self - signed - certificate - 364377856
    revocation checking no
    rsakeypair TP-self-signed-364377856
    !
    !
    TP-self-signed-364377856 crypto pki certificate chain
    certificate self-signed 01
    30820247 308201B 0 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
    2 060355 04031325 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 30312E30
    69666963 33363433 37373835 36301E17 393330 33303130 30303331 0D 6174652D
    305A170D 2E302C06 1325494F 03550403 32303031 30313030 30303030 5A 303031
    532D 5365 6C662D53 69676E65 642D 4365 72746966 69636174 652 3336 34333737
    06092A 86 4886F70D 01010105 38353630 819F300D 00308189 02818100 0003818D
    B09F8205 9DD44616 858B1F49 A27F94E4 9E9C3504 F56E18EB 6D1A1309 15C20A3D
    31FCE168 5A8C610B 7F77E7FC D9AD3856 E4BABDD1 DFB28F54 6C24229D 97756ED4
    975E2222 939CF878 48D7F894 618279CF 2F9C4AD5 4008AFBB 19733DDB 92BDF73E
    B43E0071 C7DC51C6 B9A43C6A FF035C63 B53E26E2 C0522D40 3F850F0B 734DADED
    02030100 01A 37130 03551 D 13 6F300F06 0101FF04 05300301 01FF301C 0603551D
    11041530 13821150 5F494D2B 545F5374 61636B5F 322D312E 301F0603 551D 2304
    18301680 1456F3D9 23759254 57BA0966 7C6C3A71 FFF07CE0 A2301D06 03551D0E
    04160414 56F3D923 75925457 BA09667C 6C3A71FF F07CE0A2 2A 864886 300 D 0609
    F70D0101 5B1CA52E B38AC231 E45F3AF6 12764661 04050003 81810062 819657B 5
    F08D258E EAA2762F F90FBB7F F6E3AA8C 3EE98DB0 842E82E2 F88E60E0 80C1CF27
    DE9D9AC7 04649AEA 51C49BD7 7BCE9C5A 67093FB5 09495971 926542 4 5A7C7022
    8D9A8C2B 794D99B2 3B92B936 526216E0 79 D 80425 12B 33847 30F9A3F6 9CAC4D3C
    7C96AA15 CC4CC1C0 5FAD3B
    quit smoking
    control-dot1x system-auth
    dot1x critical eapol
    !
    pvst spanning-tree mode
    spanning tree extend id-system
    No vlan spanning tree 294-312,314-319,321-335,337-345,400,480,484-493,499,950
    !
    !
    !
    errdisable recovery cause Uni-directional
    errdisable recovery cause bpduguard
    errdisable recovery cause of security breach
    errdisable recovery cause channel-misconfig (STP)
    errdisable recovery cause pagp-flap
    errdisable recovery cause dtp-flap
    errdisable recovery cause link-flap
    errdisable recovery cause FPS-config-incompatibility
    errdisable recovery cause gbic-invalid
    errdisable recovery cause psecure-violation
    errdisable cause of port-mode-failure recovery
    errdisable recovery cause dhcp-rate-limit
    errdisable recovery cause pppoe-AI-rate-limit
    errdisable recovery cause mac-limit
    errdisable recovery cause vmps
    errdisable recovery cause storm-control
    errdisable recovery cause inline-power
    errdisable recovery cause arp-inspection
    errdisable recovery cause loopback
    errdisable recovery cause small-frame
    errdisable recovery cause psp
    !
    internal allocation policy of VLAN ascendant
    !
    !
    interface GigabitEthernet1/0/10
    switchport access vlan 320
    switchport mode access
    IP access-group ACL-LEAVE in
    authentication event fail following action method
    action of death server to authenticate the event permit
    living action of the server reset the authentication event
    multi-domain of host-mode authentication
    open authentication
    authentication order dot1x mab
    authentication priority dot1x mab
    Auto control of the port of authentication
    periodic authentication
    authentication violation replace
    MAB
    dot1x EAP authenticator
    dot1x tx-time 10
    spanning tree portfast
    spanning tree enable bpduguard

    interface GigabitEthernet1/0/16
    switchport access vlan 320
    switchport mode access
    IP access-group ACL-LEAVE in
    authentication event fail following action method
    action of death server to authenticate the event permit
    living action of the server reset the authentication event
    multi-domain of host-mode authentication
    open authentication
    authentication order dot1x mab
    authentication priority dot1x mab
    Auto control of the port of authentication
    periodic authentication
    authentication violation replace
    MAB
    dot1x EAP authenticator
    dot1x tx-time 10
    spanning tree portfast
    spanning tree enable bpduguard
     
    interface GigabitEthernet1/0/24
    switchport access vlan 320
    switchport mode access
    IP access-group ACL-LEAVE in
    authentication event fail following action method
    action of death server to authenticate the event permit
    living action of the server reset the authentication event
    multi-domain of host-mode authentication
    open authentication
    authentication order dot1x mab
    authentication priority dot1x mab
    Auto control of the port of authentication
    periodic authentication
    authentication violation replace
    MAB
    dot1x EAP authenticator
    dot1x tx-time 10
    spanning tree portfast
    spanning tree enable bpduguard
     
    !
    interface GigabitEthernet1/0/33
    switchport access vlan 320
    switchport mode access
    IP access-group ACL-LEAVE in
    authentication event fail following action method
    action of death server to authenticate the event permit
    living action of the server reset the authentication event
    multi-domain of host-mode authentication
    open authentication
    authentication order dot1x mab
    authentication priority dot1x mab
    Auto control of the port of authentication
    periodic authentication
    authentication violation replace
    MAB
    dot1x EAP authenticator
    dot1x tx-time 10
    spanning tree portfast
    spanning tree enable bpduguard
     
    interface GigabitEthernet1/0/34
    switchport access vlan 320
    switchport mode access
    IP access-group ACL-LEAVE in
    authentication event fail following action method
    action of death server to authenticate the event permit
    living action of the server reset the authentication event
    multi-domain of host-mode authentication
    open authentication
    authentication order dot1x mab
    authentication priority dot1x mab
    Auto control of the port of authentication
    periodic authentication
    authentication violation replace
    MAB
    dot1x EAP authenticator
    dot1x tx-time 10
    spanning tree portfast
    spanning tree enable bpduguard
    !
    interface GigabitEthernet1/0/44
    switchport access vlan 320
    switchport mode access
    IP access-group ACL-LEAVE in
    authentication event fail following action method
    action of death server to authenticate the event permit
    living action of the server reset the authentication event
    multi-domain of host-mode authentication
    open authentication
    authentication order dot1x mab
    authentication priority dot1x mab
    Auto control of the port of authentication
    periodic authentication
    authentication violation replace
    MAB
    dot1x EAP authenticator
    dot1x tx-time 10
    spanning tree portfast
    spanning tree enable bpduguard

    !
    interface GigabitEthernet1/0/46
    switchport access vlan 320
    switchport mode access
    IP access-group ACL-LEAVE in
    authentication event fail following action method
    action of death server to authenticate the event permit
    living action of the server reset the authentication event
    multi-domain of host-mode authentication
    open authentication
    authentication order dot1x mab
    authentication priority dot1x mab
    Auto control of the port of authentication
    periodic authentication
    authentication violation replace
    MAB
    dot1x EAP authenticator
    dot1x tx-time 10
    spanning tree portfast
    spanning tree enable bpduguard

    interface GigabitEthernet1/0/48
    switchport access vlan 320
    switchport mode access
    IP access-group ACL-LEAVE in
    authentication event fail following action method
    action of death server to authenticate the event permit
    living action of the server reset the authentication event
    multi-domain of host-mode authentication
    open authentication
    authentication order dot1x mab
    authentication priority dot1x mab
    Auto control of the port of authentication
    periodic authentication
    authentication violation replace
    MAB
    dot1x EAP authenticator
    dot1x tx-time 10
    spanning tree portfast
    spanning tree enable bpduguard
    !
    interface GigabitEthernet1/0/49
    Description link GH
    switchport trunk allowed vlan 1,2,320,350,351,401
    switchport mode trunk
    MLS qos trust dscp
    IP dhcp snooping trust
    !

    interface GigabitEthernet1/0/52
    Description link CORE1
    switchport trunk allowed vlan 1,2,29,277,278,314,320,401
    switchport mode trunk
    MLS qos trust dscp
    IP dhcp snooping trust
    !
    !
    interface Vlan320
    IP 10.178.61.5 255.255.255.128
    no ip-cache cef route
    no ip route cache
    !
    default IP gateway - 10.178.61.1
    IP http server
    IP http secure server
    IP http secure-active-session-modules no
    active session modules IP http no
    !
    !
    Access IP extended ACL-AGENT-REDIRECT list
    deny udp any any domain eq bootps
    permit tcp any any eq www
    permit any any eq 443 tcp
    IP extended ACL-ALLOW access list
    allow an ip
    IP access-list extended by DEFAULT ACL
    allow udp any eq bootpc any eq bootps
    allow udp any any eq field
    allow icmp a whole
    allow any host 10.178.5.152 eq 8443 tcp
    permit tcp any host 10.178.5.152 eq 8905
    allow any host 10.178.5.152 eq 8905 udp
    permit tcp any host 10.178.5.152 eq 8906
    allow any host 10.178.5.152 eq 8906 udp
    allow any host 10.178.5.152 eq 8909 tcp
    allow any host 10.178.5.152 eq 8909 udp
    allow any host 10.178.5.153 eq 8443 tcp
    permit tcp any host 10.178.5.153 eq 8905
    allow any host 10.178.5.153 eq 8905 udp
    permit tcp any host 10.178.5.153 eq 8906
    allow any host 10.178.5.153 eq 8906 udp
    allow any host 10.178.5.153 eq 8909 tcp
    allow any host 10.178.5.153 eq 8909 udp
    refuse an entire ip
    Access IP extended ACL-WEBAUTH-REDIRECT list
    deny ip any host 10.178.5.152
    deny ip any host 10.178.5.153
    permit tcp any any eq www
    permit any any eq 443 tcp

    radius of the IP source-interface Vlan320
    exploitation forest esm config
    logging trap alerts
    logging Source ip id
    connection interface-source Vlan320
    record 192.168.6.31
    host 10.178.5.150 record transport udp port 20514
    host 10.178.5.151 record transport udp port 20514
    access-list 10 permit 10.178.5.117
    access-list 10 permit 10.178.61.100
    Server SNMP engineID local 800000090300000A8AF5F181
    SNMP - server RO W143L355 community
    w143l355 RW SNMP-server community
    SNMP-Server RO community lthpublic
    SNMP-Server RO community lthise
    Server SNMP trap-source Vlan320
    Server SNMP informed source-interface Vlan320
    Server enable SNMP traps snmp authentication linkdown, linkup cold start
    SNMP-Server enable traps cluster
    config SNMP-server enable traps
    entity of traps activate SNMP Server
    Server enable SNMP traps ipsla
    Server enable SNMP traps syslog
    Server enable SNMP traps vtp
    SNMP Server enable traps mac-notification change move threshold
    Server SNMP enable traps belonging to a vlan
    SNMP-server host 10.178.5.152 version 2 c lthise mac-notification
    SNMP-server host 10.178.5.153 version 2 c lthise mac-notification
    !
    RADIUS attribute 6 sur-pour-login-auth server
    Server RADIUS attribute 8 include-in-access-req
    RADIUS attribute 25-application access server include
    dead-criteria 5 tent 3 times RADIUS server
    test the server RADIUS host 10.178.5.152 auth-port 1812 acct-port 1813 username test-RADIUS 7 key 03084F030F1C24
    test the server RADIUS host 10.178.5.153 auth-port 1812 acct-port 1813 username test-RADIUS 7 key 141B060305172F
    RADIUS vsa server send accounting
    RADIUS vsa server send authentication

    any help would be really appreciated.

    I'm not sure that completely understand the question; But if LSE is only political wireless, then none of the wired switches need any configuration of ISE.

    Access points tunnel all wireless traffic to the WLC on CAPWAP (unless you use FlexConnect). This is the configuration 802. 1 x on the WLC that implements policies defined in ISE.

    Switches wired never need to act as an access network (n) device and so do not need to be defined in ISE unless or until you want to apply policies of ISE for wired devices...

  • ISE base license and importation of enddevices

    Hello

    Been through the intire internet (or so it seems) and most guides and advice are on the functionality that is included in the advanced license, profiling and so on.

    I am faced with a case where the base license should be sufficient. But I'm confused about the import of the endpoints.

    When using the basic license is the only way to import devices manually or via file or LDAP? ISE is unable to scan the network a collection of addresses MAC automaticly?

    We do not have LDAP and about 20,000 points endpoint, add them manually or in a CSV is too much work.

    Kind regards

    Philippe

    Phillip,

    You're right, these are the methods that 2 mac addresses of research, it is only two methods that ISE would apply only base licenses. If you choose to scan your network for devices ISE then that would be seen as "dynamic profiling" which is an advanced feature.

    Hope that helps,

    Tarik Admani
    * Please note the useful messages *.

  • Problem with WIN 7 and XP Home Network

    I have a home network with 2 cable to the PC through a D-Link N Router extreme. Main PC is WIN 7 and XP Media Center. When put in first place, worked well, but PC now recognizes the other, nor so I can share files more. The two PC's have Internet access through the router, but cannot communicate with each other. I did all the trouble shooting suggested with no luck. Firewalls appear correctly implemented yet. Can someone help me understand this?

    Network Assistant served twice trying to restore the Home network, but still no luck. Other devices may wireless connection to the network & Internet successfully. Printer is connected to the router USB and used all the devices until this problem with XP unit. Utility said Shareport printer is available, but the XP unit will not connect. I am frustrated no end... help, please!

    Hello.

    I had this problem once I still have XP on one of my machines and the way I fixed that using Workgroup, use this site I used to fix my problem, simply ignore the part printer but it will solve the problem you have: http://www.howtogeek.com/howto/windows-7/share-files-and-printers-between-windows-7-and-xp/

  • ISE license consumption and freeing licenses [RADIUS]

    Hi people EHT,.

    There are a lot of questions of ISE issued by me in the last time. And guess what - another here.

    I wonder how the ISE license consumption and freeing licenses actually works. At least I have not find any good document or post on it.

    From what I understand, a license (no matter if basic, plus, apex whatever) is consumed based on RADIUS accounting messages.

    Example:

    An endpoint is authenticating and allowed successfully with 802. 1 X without profiling or posture or whatever (simple). The ISE knows that this endpoint must use a base license and basic license consumption is increased by one.

    As soon as the client is disconnected from the network, the n (switch, WLC) sends an accounting stop message to the ISE and the ISE again releases the base license.

    (am I right so far?)

    Assuming that I am just using the example above:

    RADIUS is not say that really reliable. No matter that it uses UDP (which is unreliable), RAY has a mechanism of recognition built in (Accouting request / respone). But this mechanism gives up after a few attempts. Suppose that a client is disconnected, but the message of stop RADIUS is not received by the ISE.

    Fact the endpoint stay forever in the State of the current session and therefore to consume a license forever? (Assume that there is no timer of dot1x re-authentication).

    Or is it a mechanism of 'time-out' for endpoint licences?

    Kind of a side story here:

    I wrote a simple wrapper for the freeradius tool 'eapol_test '. Go Linux applications unique command line EAP (e.g., EAP - TLS) can be issued to a RADIUS server. If the Linux client acts as "supplicant" X 802.1 and authenticator. It's cool to quickly test the availability of the service of an authentication server.

    My simple wrapper for "eapol_test" performs a ping 'EAP' at the time of convergence of measurement and measurement of authentications per second in a lab environment. The wrapper can also change endpoint of each session of RAY MAC. When I do ping EAP in a laboratory of my number of licenses on the ISE exploded, because eapol_test does not deliver messages from accounting RADIUS to EHT :)

    Johannes has soon

    Hi Johannes-

    You're right about the consumption of license:

    Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.
    However, in addition to this:
    Note Sessions without RADIUS activity are automatically purged from Active Session list every 5 days or if the endpoint is deleted from the system.
    This information used in the documentation of ISE 1.x, but for some reason, he is not :) in the 2.x here's the info from 1.2: http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_d_man_license.pdf I hope this helps! Thank you for the useful job evaluation!

  • music iTunes and apple screen problem

    Hello! This is my problem:

    music both itunes and apple for this. in the homepage of itunes, it will not show the scroll bar and the picture above is the page go. I dealt with this problem for a while. It is not a problem of update because this has happened during my last update (I 12.5.1). I tried to see if anyone else has this problem, but I couldn't find it at all.

    Thank you!

    This could be linked to the UI, DPI problem in 12.5.1.21. If your display is set to something other than 100%, the user interface is really messed up. If you can hold the tiny icons and microscopic text, then set your display to 100%, and the user interface will look 'normal '. This isn't a fix or a resolution, but it is a workaround.

  • Auto unlock with Mac OS and Apple Watch

    I know that you need a Mac 2013 or later with Mac OS, a Apple Watch with watch OS 3 and two factor authentication (not two authentication step) to activate this feature, but for some reason, it does not appear in my system preferences.

    Any ideas?

    Greetings MetallicAsh,

    Thank you for using communities of Apple Support. It seems you want to unlock your Mac with your Apple Watch. Looks like you are already assured of a large number of parameters.
    I recommend reading this article, it explains what the parameters are still needed.

    Make sure that your devices are configured as follows:

    • Your Mac has Bluetooth and Wi - Fi enabled.
    • Your Mac and Apple Watch are connected to iCloud with the same Apple ID.
      On your Mac, choose Apple () menu > System Preferences, and then click iCloud.
      On your iPhone, open the Apple Watch app, then go to general > Apple ID.
    • Your Apple Watch uses a password.
      On your iPhone, open the Apple Watch app, then type the access code.
    • Your Mac has "allow your Apple Watch unlock your Mac" selected in Security & Privacy preferences.
      Choose the Apple menu > System Preferences, click on Privacy & Security, then select the general tab.

    Automatically unlock your Mac with your Apple Watch - Apple Support

    Take care.

  • I have an iMac 27' 2012 with macOS Sierra and Apple Watch with watch OS 3, I can use the function "Log?" in Apple Watch

    I have an iMac 27' 2012 with macOS Sierra and Apple Watch with watch OS 3, I can use the function "Log?" in Apple Watch

    Hi John 2078 Tito.

    I understand that you have updated your iMac and Apple Watch and now you're curious about unlock your iMac using your Apple Watch. I know that it is a nice feature to be able to quickly and safely unlock your computer, so I'm happy to help you.

    This feature is available on 2013 iMacs and later versions, which means that your iMac won't be compatible. You can see more info on this feature here:
    Unlock your Mac with Apple Watch - Apple Watch user's Guide

    Thank you for using communities Support from Apple. See you soon!

Maybe you are looking for