So you’ve installed ISE, configured your policies, got everything up and running. Life is peachy…until you attempt to log in and receive the following error:
One little gotcha. Out of the box, the GUI admin account is set to expire after 45 days. So just when you thought everything was up and running smoothly you hit this little stumbling block.
Thankfully the fix is fairly straight forward, but if you’ve just received the error above you’ll need to do a little CLI intervention.
Ran into a fun issue with vCenter 6.5 and a deployment of ISE. When deploying the ISE ova template we received a chunk size error: “OVF parameter chunkSize with value XXXXXXXXXX” is currently not supported for OVF package import.
Thankfully a VMware kb article walks us through how to fix the issue.
https://kb.vmware.com/s/article/2148588?lang=en_US
The first step is to unpack the ova file with a tool such as 7zip on Windows or tar on Linux/Mac.
Ran into some issues recently with Android devices and the Cisco Network Setup Assistant while attempting to provision certificates as part of the BYOD work flow.
While on-boarding an Android device, the following error occurred:
TAC pointed me to this helpful YouTube video that contained the solution.
https://www.youtube.com/watch?v=z0sRiffVdpg
Starting with Android 6, EST is natively used by the device for Certificate Signing Requests. To fix the issue we need to allow the EST authentication request through ISE. This can be accomplished with a new Authorization Policy that matches the EST request and then permits access.
Been toying with the Cisco vWLC and ISE in the home lab. Evaluation copies of ISE can be found on Cisco’s box share here: https://cisco.app.box.com/v/ISE-Eval
Here are my notes on configuring a Guest Hotspot portal. Hotspots are a simple portal where users will need to accept an Acceptable Use Policy before being granted access to the internet.
Please also see the ISE Guest Access Deployment Guide from Cisco for more details on setting up different Guest Access scenarios: https://community.cisco.com/t5/security-documents/ise-guest-access-deployment-guide/ta-p/3640475
Just got in a new UCS C server and was going through the process of configuring Cisco’s flavor of out of band management called CIMC or Cisco Integrated Management Controller. Similar to HP’s iLO or Dell’s iDrac, CIMC allows one to remotely control and manage their server via the web or SSH with handy tools like integrated KVM and ISO mounting.
