cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

144
Views
3
Helpful
3
Replies
Cisco Employee

Easy Connect CWA compatibility

What is stopping us to support Easy Connect along with CWA? According to Configure EasyConnect on ISE 2.1 - Cisco it is not supported.

I sucessfully tested it in my lab by merging the Limited Access Authorization profile with the CWA Authorization profile (adding "Passive ID Tracking" along with a limiting DACL to the normal CWA Authorization Profile and tweaking the URL-Redirect ACL to stop redirection to DC traffic).

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Easy Connect CWA compatibility

What you did sounds very reasonable, but CWA + Easy Connect has not been tested by our product teams. The doc is written by TAC so I would suggest you to either leave a feedback at the doc site or contact him directly.

3 REPLIES 3
Cisco Employee

Re: Easy Connect CWA compatibility

What you did sounds very reasonable, but CWA + Easy Connect has not been tested by our product teams. The doc is written by TAC so I would suggest you to either leave a feedback at the doc site or contact him directly.

Advocate

Re: Easy Connect CWA compatibility

Correct.  At that point in policy it is simply a MAB auth result (or could even be 802.1X).  Only the tracking option in AuthZ Profile will specify whether CoA sent on successful MnT merge of passive ID info.  This was one of the core goals of rework done for 2.1 release to ensure EZC was based on standard MAB.

I assume you are specifically asking about the use of same Authorization Profile for dual use case?  If asking if CWA can be chained with EZC, then that certainly has not been tested.

Highlighted
Beginner

Re: Easy Connect CWA compatibility

Hi, Rovargas,

 

Can you provide the screenshot with the policies you applied? We have contractors here that use their own laptop and I think easyconnect + CWA could be used to grant secure access to the network.

 

Regards,