•Step 1 Open a new tab on the web browser and access the ISE administration web interface at using the credentials admin / default1A.
•Step 2 Verify that the Wireless LAN Controller configured as a Network Access Device in ISE.
•a. Navigate to Administration > Network Resources > Network Devices
•b. Under Network Devices in the right-hand panel, select wlc2.
•c. This network device is preconfigured with the values shown in the following table:
•d. Update as needed and click Save when finished.
•Step 3 Demonstrate configuration for the SCEP CA Profiles.
•a. Navigate to Administration > System > Certificates.
•b. Go to SCEP CA Profiles. Verify profile as below
OPTIONAL: Click Test Connectivity to verify the connection to the SCEP server
•a. Once Test Connectivity succeeds, click Submit to save the profile.
•b. Under Administration > System > Certificates, go to Certificate Store, both the CA and RA (registration authority) certificates of the certificate chain for the SCEP server should have been automatically retrieved.
•c. Go to Administration > Identity Management > External Identity Sources > Certificate Authentication Profile to create one with the following information:
Click Submit to save the changes.
•Step 4 Next go to Administration > Identity Management > Identity Source Sequences.
•a. Create a new Identity Source Sequence.
•Step 5 At Policy > Policy Elements > Results > Authentication > Allowed Protocols, create a new entrywith the name PEAP_o_TLS and allow only two protocols:
•b. PEAP with inner method EAP-MS-CHAPv2
•Step 6 Policy > Authentication
•a. Demonstrate the rule Dot1X.
Below shows the resulting authentication policy. The modified objects are highlighted in Yellow.
•Step 7 Demonstrate Authorization Policy rules under Policy > Authorization as shown below
•Step 8 Go to Policy > Client Provisioning and demonstrate rule whichwill look like the following:
•Step 9 You may add a new Native Supplicant Profile in-line within the Results cell. Create the native supplicant profile iOS_WPA2_TLS in-line as shown below:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :