Inspiring words from the community all stars. Nice to hear what motivates them. We are all very appreciative of their efforts ... View more

As a Cisco ISE user I was very keen to hear this episode. Network Access Control can be a tricky subject to explain verbally and the guys did a great job of it. I was so inspired by this episode that I activated the free trial and started onboarding some personal devices. Even the certificate binding to Apple was so simple - great instructions, and flawless execution yet again. The Meraki way made simple 🙂 ... View more

Great concept. Certainly a lot more flexible than having to run coax to an external antenna. Nice to see Meraki broadening the product portfolio ... View more

Azure AD DS has been available for some time. The issue that everyone is having is how to tell our glorious RADIUS servers how to use Azure AD DS. Whether FreeRADIUS, Cisco ISE or Clearpass - they all have the same issue.   I was on an ISE update session the other day and it was mentioned that ISE has support for SAML integration with Azure AD DS. Of course this only helps us for https (portal based) services, but not at all for EAP-PEAP, etc. - without divulging too much on the ISE roadmap, I believe there may be some work under way to utilise this SAML mechanism for other authentication means. ... View more

Hi @NolanHerring  - I have another batch of APs to work on today - I will give it another go. But this has happened in the last three of my installs. It wasn't on one day only.  And these things should be browser agnostic. If I had a Dollar every time someone told me to use another browser (with respect to a Cisco product) then I'd be a millionaire. You don't hear people saying that Facebook only works best with Chrome. In my experience, certain network vendors write shoddy code and then force us to use a certain browser because they couldn't get it right across the board.   #rant_over. But I am not imagining this. ... View more

@m841 - that's good to know. Do you have actual experience with this? I'd like to learn how this is done. Please post some more information - I have some identities in Azure and a small lab to test with. I am not too familiar with Free Radius - if you have some kind of base config, that would be handy. 🤔 ... View more

This question gets asked a lot on the Cisco ISE Community pages too. The challenge is that Azure AD is not the same as Active Directory (obviously) and the interfaces into Azure AD don't lend themselves to every use case. ISE for example, offers SAML interface to *some* parts of ISE (like Sponsor Portal Login page, or MyDevices Portal page) - but you cannot use Azure AD for things like EAP-PEAP authentication. Why? Because ISE has no native integration for such an external identity source. The closest you can get to that (with ISE) is to use Secure LDAP. But that breaks the password challenge algorithms (MS-CHAPv2) that is commonly used in EAP-PEAP - it cannot work. But the sLDAP integration could be used for non Authentication purposes - e.g. checking for AD Group membership during an EAP-TLS (cert based) authentication.   This is a challenge for every vendor and I have yet to come across a AAA vendor who has solved this problem. Be careful when reading that a product "integrates with Azure AD" - it's often very specific use cases only.   The solution to all this is probably a new protocol that runs over TLS (https) directly into public cloud providers.  You might want to look at JumpCloud.com to see what they are currently up to. ... View more