PC Still Can Access Network without Joining AD in ISE Environment
I'm new to ISE and I have a problem about access control with ISE and here's my situation:
The wired 802.1X is deployed with windows AD using ISE. For now, Clients joined the domain can access the network well, however, for computers which havn't joined the domain can also access the network if the users know their account of the domain. They can start the 802.1X service by themselves and configure the network card properly, connect the network cable, when the windows dialog pops up, the user can enter the username starts with the domain like "mydomain\username"(mydomain is the domain name) and the passowrd, then the computer can gain the access just like it had joined the domain. So I think there may be some mistakes with my Authentication and Authorization Policy.
My authentication policy is configured like this:
the ChinaPnR-ISE is the AD name
My authorization policy is configured like this:
I'm wondering if I can add one condition to math the hostnames of the windows as computers which had joined have the unified format?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...