ISE, MAC, AnyC and Auth Machine?

Similar Questions

• Sierra Mac OS and Time Machine?

  Hello

  Since the update for Sierra, time machine takes really long in the "preparation of backup." I was not able to save my mac since. Can someone tell me why this is happening and if I'll ever back on my mac?

  The first backup after that an upgrade of the OS can take a long time, leading people to think something is wrong. Sometimes, something is wrong - maybe it's a coincidence, but I think it's during these periods of preparation time that a TM backup is more likely to stall. So the first thing to try is defined the computer don't not sleep and manually start a backup of the day after. If this good return. If this is not the case, the second thing (if you can't wait go to this step) is to open the TimeMachine backup and open the backup.backup folder and the folder of the computer to find the actual backups. You should see a file called 'ongoing' remove it. (I open open TM preferences and turn off TM before doing this.)

• I just restored my HD Mac from a time machine backup and PS 4 will not open. I get an error code 150:30. No idea what I need to do?

  I just restored my HD Mac from a time machine backup and PS 4 will not open. I get an error code 150:30. No idea what I need to do?

  Most likely your Photoshop installation was damaged by the restoration. Re-installing Photoshop CS4. You can find the latest version that has been published here: products CS4 download

  Benjamin

• To cut and paste between Mac and Virtual Machine

  My husband and I have VMware Fusion installed on our MacBooks. We use it to run WIndows XP.

  His continues to have problems. Windows crash then left outstanding programs. Now, he can not copy / paste between Mac and Virtual Machine.

  I can't find all the differences in our backgrounds. I'm not having problems he knows.

  Any advice on how to solve this problem, so it can copy / paste between systems again?

  Assuming that the MAC is stable and not giving any problems I try and see why the XP VM crashes and at least re - install VMWare Tools on XP because that is what is needed to copy and paste between host and guest operating system.

  Look in XP Event Viewer to see if you can see what happens wrong... Click Start and then right-click my computer and then click on manage, and then click Event Viewer.

  Perpahs try running a virus scanner or applications malicious XP if you think that it might be infected.

  If all else fails, try and repair the machine virtual XP from your XP CD...

• Installation of Acrobat on a machine running Mac OS and Windows OS

  I have a new MacAir (Mountain Lion OS) and which will also have Windows 7 installed (via the Parallels software).  I want to install Adobe Acrobat XI (Standard preference, or Pro if necessary) so that I can print to PDF from any application, whether in Windows or Mac OS environment.  How to install Acrobat to achieve?  What I have to install twice, once in the Mac environment, then again in the Windows environment?  Or can I install Acrobat just in the Mac environment and make it appear as a print option in Windows applications?  Thank you.

  Can't do. Serials for the stand-alone products are platform specific. Yes, you must install it in the two environemnts, but according to the previous one, it is not possible unless you have 2 licenses. That said, if you want to print to PDF, there is enough of the free alternatives like GhostScript.

  Mylenium

• ISE with WLC AND switches

  Hello

  We run 3xWLC controller with 800 AP using ISE 1.2 for authentication wireless 802. 1 x. I was looking in the config of the ISE and notice of 400 edge cheating only 2x2960s are configured with 802. 1 x (ISE RADIUS config) and SNMP and only 2 of the port is 2 ap tie with swtich remaining ports.and the 3XWLC in network devices.

  I do not understand how an access point is to do this work (802.1 x) because it is location on different site and people are connecting to various different locations. ISE almost run/do 11 876 profiled ends.

  version 12.2
  !
  boot-start-marker
  boot-end-marker
  !
  enable secret 5 $1$ fokm$ lesIWAaceFFs.SpNdJi7t.
  !
  Test-RADIUS username password 7 07233544471A1C5445415F
  AAA new-model
  Group AAA dot1x default authentication RADIUS
  Group AAA authorization network default RADIUS
  Group AAA authorization auth-proxy default RADIUS
  start-stop radius group AAA accounting dot1x default
  start-stop radius group AAA accounting system by default
  !
  !
  !
  !
  AAA server RADIUS Dynamics-author
  Client 10.178.5.152 server-key 7 151E1F040D392E
  Client 10.178.5.153 server-key 7 060A1B29455D0C
  !
  AAA - the id of the joint session
  switch 1 supply ws-c2960s-48 i/s-l
  cooldown critical authentication 1000
  !
  !
  IP dhcp snooping vlan 29,320,401
  no ip dhcp snooping option information
  IP dhcp snooping
  no ip domain-lookup
  analysis of IP device
  !
  logging of the EMP
  !
  Crypto pki trustpoint TP-self-signed-364377856
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 364377856
  revocation checking no
  rsakeypair TP-self-signed-364377856
  !
  !
  TP-self-signed-364377856 crypto pki certificate chain
  certificate self-signed 01
  30820247 308201B 0 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
  2 060355 04031325 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 30312E30
  69666963 33363433 37373835 36301E17 393330 33303130 30303331 0D 6174652D
  305A170D 2E302C06 1325494F 03550403 32303031 30313030 30303030 5A 303031
  532D 5365 6C662D53 69676E65 642D 4365 72746966 69636174 652 3336 34333737
  06092A 86 4886F70D 01010105 38353630 819F300D 00308189 02818100 0003818D
  B09F8205 9DD44616 858B1F49 A27F94E4 9E9C3504 F56E18EB 6D1A1309 15C20A3D
  31FCE168 5A8C610B 7F77E7FC D9AD3856 E4BABDD1 DFB28F54 6C24229D 97756ED4
  975E2222 939CF878 48D7F894 618279CF 2F9C4AD5 4008AFBB 19733DDB 92BDF73E
  B43E0071 C7DC51C6 B9A43C6A FF035C63 B53E26E2 C0522D40 3F850F0B 734DADED
  02030100 01A 37130 03551 D 13 6F300F06 0101FF04 05300301 01FF301C 0603551D
  11041530 13821150 5F494D2B 545F5374 61636B5F 322D312E 301F0603 551D 2304
  18301680 1456F3D9 23759254 57BA0966 7C6C3A71 FFF07CE0 A2301D06 03551D0E
  04160414 56F3D923 75925457 BA09667C 6C3A71FF F07CE0A2 2A 864886 300 D 0609
  F70D0101 5B1CA52E B38AC231 E45F3AF6 12764661 04050003 81810062 819657B 5
  F08D258E EAA2762F F90FBB7F F6E3AA8C 3EE98DB0 842E82E2 F88E60E0 80C1CF27
  DE9D9AC7 04649AEA 51C49BD7 7BCE9C5A 67093FB5 09495971 926542 4 5A7C7022
  8D9A8C2B 794D99B2 3B92B936 526216E0 79 D 80425 12B 33847 30F9A3F6 9CAC4D3C
  7C96AA15 CC4CC1C0 5FAD3B
  quit smoking
  control-dot1x system-auth
  dot1x critical eapol
  !
  pvst spanning-tree mode
  spanning tree extend id-system
  No vlan spanning tree 294-312,314-319,321-335,337-345,400,480,484-493,499,950
  !
  !
  !
  errdisable recovery cause Uni-directional
  errdisable recovery cause bpduguard
  errdisable recovery cause of security breach
  errdisable recovery cause channel-misconfig (STP)
  errdisable recovery cause pagp-flap
  errdisable recovery cause dtp-flap
  errdisable recovery cause link-flap
  errdisable recovery cause FPS-config-incompatibility
  errdisable recovery cause gbic-invalid
  errdisable recovery cause psecure-violation
  errdisable cause of port-mode-failure recovery
  errdisable recovery cause dhcp-rate-limit
  errdisable recovery cause pppoe-AI-rate-limit
  errdisable recovery cause mac-limit
  errdisable recovery cause vmps
  errdisable recovery cause storm-control
  errdisable recovery cause inline-power
  errdisable recovery cause arp-inspection
  errdisable recovery cause loopback
  errdisable recovery cause small-frame
  errdisable recovery cause psp
  !
  internal allocation policy of VLAN ascendant
  !
  !
  interface GigabitEthernet1/0/10
  switchport access vlan 320
  switchport mode access
  IP access-group ACL-LEAVE in
  authentication event fail following action method
  action of death server to authenticate the event permit
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  open authentication
  authentication order dot1x mab
  authentication priority dot1x mab
  Auto control of the port of authentication
  periodic authentication
  authentication violation replace
  MAB
  dot1x EAP authenticator
  dot1x tx-time 10
  spanning tree portfast
  spanning tree enable bpduguard

  interface GigabitEthernet1/0/16
  switchport access vlan 320
  switchport mode access
  IP access-group ACL-LEAVE in
  authentication event fail following action method
  action of death server to authenticate the event permit
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  open authentication
  authentication order dot1x mab
  authentication priority dot1x mab
  Auto control of the port of authentication
  periodic authentication
  authentication violation replace
  MAB
  dot1x EAP authenticator
  dot1x tx-time 10
  spanning tree portfast
  spanning tree enable bpduguard
   
  interface GigabitEthernet1/0/24
  switchport access vlan 320
  switchport mode access
  IP access-group ACL-LEAVE in
  authentication event fail following action method
  action of death server to authenticate the event permit
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  open authentication
  authentication order dot1x mab
  authentication priority dot1x mab
  Auto control of the port of authentication
  periodic authentication
  authentication violation replace
  MAB
  dot1x EAP authenticator
  dot1x tx-time 10
  spanning tree portfast
  spanning tree enable bpduguard
   
  !
  interface GigabitEthernet1/0/33
  switchport access vlan 320
  switchport mode access
  IP access-group ACL-LEAVE in
  authentication event fail following action method
  action of death server to authenticate the event permit
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  open authentication
  authentication order dot1x mab
  authentication priority dot1x mab
  Auto control of the port of authentication
  periodic authentication
  authentication violation replace
  MAB
  dot1x EAP authenticator
  dot1x tx-time 10
  spanning tree portfast
  spanning tree enable bpduguard
   
  interface GigabitEthernet1/0/34
  switchport access vlan 320
  switchport mode access
  IP access-group ACL-LEAVE in
  authentication event fail following action method
  action of death server to authenticate the event permit
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  open authentication
  authentication order dot1x mab
  authentication priority dot1x mab
  Auto control of the port of authentication
  periodic authentication
  authentication violation replace
  MAB
  dot1x EAP authenticator
  dot1x tx-time 10
  spanning tree portfast
  spanning tree enable bpduguard
  !
  interface GigabitEthernet1/0/44
  switchport access vlan 320
  switchport mode access
  IP access-group ACL-LEAVE in
  authentication event fail following action method
  action of death server to authenticate the event permit
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  open authentication
  authentication order dot1x mab
  authentication priority dot1x mab
  Auto control of the port of authentication
  periodic authentication
  authentication violation replace
  MAB
  dot1x EAP authenticator
  dot1x tx-time 10
  spanning tree portfast
  spanning tree enable bpduguard

  !
  interface GigabitEthernet1/0/46
  switchport access vlan 320
  switchport mode access
  IP access-group ACL-LEAVE in
  authentication event fail following action method
  action of death server to authenticate the event permit
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  open authentication
  authentication order dot1x mab
  authentication priority dot1x mab
  Auto control of the port of authentication
  periodic authentication
  authentication violation replace
  MAB
  dot1x EAP authenticator
  dot1x tx-time 10
  spanning tree portfast
  spanning tree enable bpduguard

  interface GigabitEthernet1/0/48
  switchport access vlan 320
  switchport mode access
  IP access-group ACL-LEAVE in
  authentication event fail following action method
  action of death server to authenticate the event permit
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  open authentication
  authentication order dot1x mab
  authentication priority dot1x mab
  Auto control of the port of authentication
  periodic authentication
  authentication violation replace
  MAB
  dot1x EAP authenticator
  dot1x tx-time 10
  spanning tree portfast
  spanning tree enable bpduguard
  !
  interface GigabitEthernet1/0/49
  Description link GH
  switchport trunk allowed vlan 1,2,320,350,351,401
  switchport mode trunk
  MLS qos trust dscp
  IP dhcp snooping trust
  !

  interface GigabitEthernet1/0/52
  Description link CORE1
  switchport trunk allowed vlan 1,2,29,277,278,314,320,401
  switchport mode trunk
  MLS qos trust dscp
  IP dhcp snooping trust
  !
  !
  interface Vlan320
  IP 10.178.61.5 255.255.255.128
  no ip-cache cef route
  no ip route cache
  !
  default IP gateway - 10.178.61.1
  IP http server
  IP http secure server
  IP http secure-active-session-modules no
  active session modules IP http no
  !
  !
  Access IP extended ACL-AGENT-REDIRECT list
  deny udp any any domain eq bootps
  permit tcp any any eq www
  permit any any eq 443 tcp
  IP extended ACL-ALLOW access list
  allow an ip
  IP access-list extended by DEFAULT ACL
  allow udp any eq bootpc any eq bootps
  allow udp any any eq field
  allow icmp a whole
  allow any host 10.178.5.152 eq 8443 tcp
  permit tcp any host 10.178.5.152 eq 8905
  allow any host 10.178.5.152 eq 8905 udp
  permit tcp any host 10.178.5.152 eq 8906
  allow any host 10.178.5.152 eq 8906 udp
  allow any host 10.178.5.152 eq 8909 tcp
  allow any host 10.178.5.152 eq 8909 udp
  allow any host 10.178.5.153 eq 8443 tcp
  permit tcp any host 10.178.5.153 eq 8905
  allow any host 10.178.5.153 eq 8905 udp
  permit tcp any host 10.178.5.153 eq 8906
  allow any host 10.178.5.153 eq 8906 udp
  allow any host 10.178.5.153 eq 8909 tcp
  allow any host 10.178.5.153 eq 8909 udp
  refuse an entire ip
  Access IP extended ACL-WEBAUTH-REDIRECT list
  deny ip any host 10.178.5.152
  deny ip any host 10.178.5.153
  permit tcp any any eq www
  permit any any eq 443 tcp

  radius of the IP source-interface Vlan320
  exploitation forest esm config
  logging trap alerts
  logging Source ip id
  connection interface-source Vlan320
  record 192.168.6.31
  host 10.178.5.150 record transport udp port 20514
  host 10.178.5.151 record transport udp port 20514
  access-list 10 permit 10.178.5.117
  access-list 10 permit 10.178.61.100
  Server SNMP engineID local 800000090300000A8AF5F181
  SNMP - server RO W143L355 community
  w143l355 RW SNMP-server community
  SNMP-Server RO community lthpublic
  SNMP-Server RO community lthise
  Server SNMP trap-source Vlan320
  Server SNMP informed source-interface Vlan320
  Server enable SNMP traps snmp authentication linkdown, linkup cold start
  SNMP-Server enable traps cluster
  config SNMP-server enable traps
  entity of traps activate SNMP Server
  Server enable SNMP traps ipsla
  Server enable SNMP traps syslog
  Server enable SNMP traps vtp
  SNMP Server enable traps mac-notification change move threshold
  Server SNMP enable traps belonging to a vlan
  SNMP-server host 10.178.5.152 version 2 c lthise mac-notification
  SNMP-server host 10.178.5.153 version 2 c lthise mac-notification
  !
  RADIUS attribute 6 sur-pour-login-auth server
  Server RADIUS attribute 8 include-in-access-req
  RADIUS attribute 25-application access server include
  dead-criteria 5 tent 3 times RADIUS server
  test the server RADIUS host 10.178.5.152 auth-port 1812 acct-port 1813 username test-RADIUS 7 key 03084F030F1C24
  test the server RADIUS host 10.178.5.153 auth-port 1812 acct-port 1813 username test-RADIUS 7 key 141B060305172F
  RADIUS vsa server send accounting
  RADIUS vsa server send authentication

  any help would be really appreciated.

  I'm not sure that completely understand the question; But if LSE is only political wireless, then none of the wired switches need any configuration of ISE.

  Access points tunnel all wireless traffic to the WLC on CAPWAP (unless you use FlexConnect). This is the configuration 802. 1 x on the WLC that implements policies defined in ISE.

  Switches wired never need to act as an access network (n) device and so do not need to be defined in ISE unless or until you want to apply policies of ISE for wired devices...

• ACS5 / ISE: PEAP authentication - first then machine user

  Hi on board,

  I have a simple question about AAA with ISE or ACS5 and PEAP.

  As we all know, is the big drawback with the PEAP Protocol, you cannot apply that property of the company not authenticates on the network.

  Example:

  Computer Windows - authentication domain and user PEAP. During GINA of Windows, the computer account is used - after login, the user account is used.

  If I bring my own iPad to society, I just have to activate WLAN, enter my domain credentials and voila! I am!

  Some companies want to restrict the network only for devices of the company.

  Therefore, is a simple solution for this, EAP - TLS - but we know all that some guys do not want to put in place an infrastructure to full blown public key...

  So here's the question:

  Is is possible to enforce an order of authentication in ISE or ACS.

  If a request for a certain MAC address of the client authentication happens (Calling station ID), this identity must authenticate with a first computer account (the prefix "host\") and that once the machine authentication is successful, the authentication of the user is authorized.

  If someone wants to connect with a user account, then this is not possible, if there was not a sign of the old machine.

  So is this possible with the ACS or ISE?

  Thanks in advance!

  Johannes,

  You can prevent ipads to connect forcing the machine authentication check the authentication of the user policy.

  http://www.Cisco.com/en/us/docs/security/ISE/1.0/user_guide/ise10_authz_polprfls.html#wp1116684

  You can also use the profiling feature in ISE to reject apple devices to access the network.

  Thank you

  Tarik Admani
  * Please note the useful messages *.

• Mac OSx Sierra Time Machine WD my cloud

  Since upgrading to Mac OSX Sierra my Macbook Pro and Macbook Air are not capable of doing Time Machine back Ups to a WD MyCloud drive that is connected to our router.

  We have updated the firmware on the WD My Cloud drive to the latest version and contacted WD on this problem, so far they have not come with a solution to the problem.

  If you open Time Machine preferences and then observe what happens, by hitting 'Back Up Now' systems do "Looking to save the disc" then "Preparing backup" then stop and then go back to the status of 'rest' without backup anything to the top at all. It is the same on both machines. You can see here: Time Machine Back Up My Cloud

  Notice how the drive icon changes to the point where it stops working and then goes to the other drive which is a USB.

  Now, to complicate the issue further... an iMac connected via Ethernet to the router can go back to the My Cloud drive perfectly as before. If Apple changed something with the wireless protocols I think but that?

  Hi stevefrompembury,

  Thanks for posting in the Community Support from Apple! I understand that your or your Mac back up Time machine since the update. Backups are certainly crucial to ensure that your data remains secure, so I'm happy to offer some suggestions.

  You have already tried a few milestones. I recommend you take a look through this article so that you have covered all the steps mentioned, including the section titled 'Control your readers': If you can not back up or restore your Mac with Time Machine

  See you soon!

• The new App Store for El Capitan update has locked up my macbook pro.  Reboot got about 3/4 fact and the machine stops. Turned off the power and turn it on again for nothing doesn't.  How in my machine to begin troubleshooting?

  The new App Store for El Capitan update has locked up my macbook pro.  Reboot got about 3/4 fact and the machine stops. Turned off the power and turn it on again for nothing doesn't.  How in my machine to begin troubleshooting?

  The problem is most likely an attempt to update a system malfunction prior it is probably a problem with your computer, not the El Capitan.

  Start by:

  Reset the PRAM and NVRAM on your Mac.

  MacIntel: Reset of the controller (SMC) system management

  Start in Safe Mode , and then re - start normally. It's slower that a normal start, so be patient.

  If you are unable to start;

  Reinstall El Capitan without erasing the drive

  Please make sure that you back up.

  1. Restart the computer. Immediately after that the chime hold down the command and R until the Utility Menu appears.
  2. Select disk utility, then click on the continue button.
  3. Select the withdrawal (usually Macintosh HD) entry of the volume in the list aside.
  4. Click first aid icon in the toolbar. Wait until the button is active, then click it.
  5. Quit disk utility and re-enter the Utility Menu.
  6. Select Reinstall OS X and click on the continue button.

  Also, see this tip for user: basic steps for the OS X upgrade.

  If this doesn't get you;

  Install Yosemite or El Capitan, from scratch

  Backup if possible before proceeding.

  Restart the computer. Immediately after the chime hold down the command and R buttons until the Apple logo appears. When the Utility Menu appears:

  Select utility disc in the Menu Utility, then click the continue button.

  When loading disk utility, select the volume (entered into withdrawal, usually Macintosh HD) from the list of devices.

  Click Delete in the main window of disk utility. A panel will fall.

  Define the type of Format Mac OS extended (journaled).

  Click on the apply button, then wait for the done button to activate and click on it.

  Quit disk utility and re-enter the Utility Menu.

  Select reinstall OS X and click on the continue button.

• My macpro is backup in the capsule of time even when I was at work, which means that the time capsule is consumed my data plan. Can anyone suggest a way I can have it the backup only when my mac pro and time capsule is in the same local wifi

  my mac pro is backup in the capsule of time even when I was at work, which means that the time capsule is consumed my data plan. Can anyone suggest a way I can have it the backup only when my mac pro and time capsule is in the same local wifi

  If the Time Capsule and MacBook Pros are not on the same network, the MacBook is not backup in the time Capsule. You probably see what snapshots leaving MacBook on the local disk, until the two are reconnected. If you don't want that to happen, disable Time Machine on a different network.

  Good day.

• Problem with external HARD disk - cannot mount the mac partition and can't unmount the partition windows

  Hi all

  Need your help. I have problems with my external hard drive. I worked on it yesterday when the cable is a little detached and disassembled my intestinal HARD drive.

  Here are the specs:

  1 Macbook Air 11.5 "running on El Capitan (10.11.1)

  2 Buffalo Ministation external (1 TB) HARD disk divided into two: a Mac partition (for time machine) and the other a windows on FAT32 partition.

  Before the accident yesterday, it was working OK.

  Now, when I connect the HARD drive, it turns on but the Mac partition cannot be mounted (it does not appear on the Finder. I opened disk utility... just load forever and does not work) and the Windows partition is visible... but I can't take it apart without turning my computer.

  I can assemble and disassemble a USB stick very well.

  Any help would be appreciated.

  Thank you!

  Maybe you can explain a little better.

  I would like to make some general comments before having your replay.

  It is not wise to use TM on a disk with apple unformatted or partitions, it is preferable to have a dedicated TM drive also.

  For TM, the rule is that the drive is about 3 times the size of the boot disk.

  Normally you 'survive' a good step disassemble the drive external, but in this case with a another partition formatted on this subject, I'm not sure if that do not corrupt the disk, especially since the Windows partition is bootable. I have suspct the partition GUID on the TM partition table is corrupt.

  I propose to start the disk completely: in DiskUtility select the 'higher' level (name of manufacturer) and the Partition, one OS X Extended (journaled) partition table Partition GUID. And use it only for TM, is not too big for this.

  Have another drive formatted NTFS for Windows.

• iPod classic. PC I have had all my music on died. can I connect iPod to my new Mac Office and store the music on the iPod in the cloud?

  I have an iPod classic 5th generation which has all my music on it. I had an old office that was on original music and he's dead. Now, I have a Mac desktop and other products, apple, iPhone, apple tv, Mac laptop, etc.  How can I get the music from classic iPod in the cloud so I can access it on all my other devices?

  Ideally, you have a backup of your user data from your old computer, including your iTunes data, and you can transfer data from iTunes on your Mac.

  By design, iTunes sync is generally in one direction, from the iTunes library on your computer to the iPod.  You cannot use iTunes to transfer files of song from iPod to computer, with the exception of songs purchased on the iTunes Store (you can also re - download on iTunes Store free of charge).  However, there are methods and third party utilities that can transfer from iPod to computer.  If you do an Internet search on something like 'ipod music transfer', you should get a few useful links.  Once the files of the song on the drive of your Mac, add them to your current iTunes library.

  If you want to make your library iTunes music accessible to other computers and devices (compatible), you own, you need to subscribe to Match iTunes (or Apple's music) gives you a library music to iCloud.

  And since you are using a Mac now, don't forget TSF function built-in Time Machine an external drive, allows you to save all your data automatically.  (iPods are not intended for backup data iTunes).

• External hard drive to format HFS + (not OS x) and Time Machine boot

  Hello, I have a MBP of 2014 (10.11.2).  Have a 2 TB external drive SG was NTFS but reformatted using THE HFS + and created two partitions of 1 TB (Yes, for my intended purpose in hindsight should have apparently formatted to a ready drive "Time Machine").  But just went with HFS + and Time Machine is ready to use one of the partitions to backup nonethelss.

  Hmm... but 1) TM do not encrypt, and more important again, I wonder if TM 2) can perform full restore from a drive WITHOUT the OS X on the ext drive (no matter the format HFS + appropriate)?

  (FYI, I received a warning when you use CCC related attempt to clone the drive to this disc hard ext, but received a warning "not re-bootable from any OS X").  Thank you!

  HFS + Mac OS Extended is what should be the disk.

• MAC address purging do not ISE MAC Authentication Bypass database

  I'm having a problem where my client's MAC addresses are not be purged automatically from the ISE.  It is a simple amp construction, where users are offered a cover page and must hit 'accept' to access the internet.  When the user does this, their MAC address is added to LSE, and then they can visit his profile.

  I need clients who will be presented to the splash page at least once a day.  Because the MAC address is added when they hit accept, they never get again presented start page, unless I have manually delete the MAC of Administration > identities > endpoints.

  I put the frequency of bleeding under Administration > identity mgmt > settings to 1 day and under settings Portal comments for "purge endpoints of this identity group every day 1", but the MAC stay in this group even after several days.

  I have also set the reauthentication is very short (30 min) in the thinking authorization profiles that might help, but the customer never receives the page again after hitting accept because the MAC is still listed in the endpoint group.  The only way to get the start page to reappear for customers is to manually remove the ISE MAC...

  Is there something else I am missing to make this feature work?

  Attached are a few screenshots of the parameters.

  Thank you!

  It looks like a bug, seems to me that you do it right, I got it working for a client in point 1.3 of the ISE, just with a much longer period before the purge (3 months). ISE what version are you on?

• ISE license consumption and freeing licenses [RADIUS]

  Hi people EHT,.

  There are a lot of questions of ISE issued by me in the last time. And guess what - another here.

  I wonder how the ISE license consumption and freeing licenses actually works. At least I have not find any good document or post on it.

  From what I understand, a license (no matter if basic, plus, apex whatever) is consumed based on RADIUS accounting messages.

  Example:

  An endpoint is authenticating and allowed successfully with 802. 1 X without profiling or posture or whatever (simple). The ISE knows that this endpoint must use a base license and basic license consumption is increased by one.

  As soon as the client is disconnected from the network, the n (switch, WLC) sends an accounting stop message to the ISE and the ISE again releases the base license.

  (am I right so far?)

  Assuming that I am just using the example above:

  RADIUS is not say that really reliable. No matter that it uses UDP (which is unreliable), RAY has a mechanism of recognition built in (Accouting request / respone). But this mechanism gives up after a few attempts. Suppose that a client is disconnected, but the message of stop RADIUS is not received by the ISE.

  Fact the endpoint stay forever in the State of the current session and therefore to consume a license forever? (Assume that there is no timer of dot1x re-authentication).

  Or is it a mechanism of 'time-out' for endpoint licences?

  Kind of a side story here:

  I wrote a simple wrapper for the freeradius tool 'eapol_test '. Go Linux applications unique command line EAP (e.g., EAP - TLS) can be issued to a RADIUS server. If the Linux client acts as "supplicant" X 802.1 and authenticator. It's cool to quickly test the availability of the service of an authentication server.

  My simple wrapper for "eapol_test" performs a ping 'EAP' at the time of convergence of measurement and measurement of authentications per second in a lab environment. The wrapper can also change endpoint of each session of RAY MAC. When I do ping EAP in a laboratory of my number of licenses on the ISE exploded, because eapol_test does not deliver messages from accounting RADIUS to EHT :)

  Johannes has soon

  Hi Johannes-

  You're right about the consumption of license:

  Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.

  However, in addition to this:

  Note Sessions without RADIUS activity are automatically purged from Active Session list every 5 days or if the endpoint is deleted from the system. 

  This information used in the documentation of ISE 1.x, but for some reason, he is not :) in the 2.x here's the info from 1.2: http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_d_man_license.pdf I hope this helps! Thank you for the useful job evaluation!