Re: Cisco ISE CWA authentication with active directory

danielesquaranti · ‎04-19-2023

Hi,

I want to implement the authentication via CWA portal, then authenticate the users via Active directory in the portal and place the pc on a specific VLAN based on a active directory group.

Is this possible? How?

I already setup the portal but i don't understand how to implement the policy sets in the correct way.

Thanks

Flavio Miranda · ‎04-19-2023

Hello,

Take a look on this document. Might be helpful.

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj07_jdn7b-AhWwpZUCHfi0DQsQFnoECBMQAQ&url=https%3A%2F%2Fcommunity.cisco.com%2Fkxiwq67737%2Fattachments%2Fkxiwq67737%2Fdiscussions-network-access-control%2F537223%...

Nancy Saini · ‎04-19-2023

BYOD flow meets your requirement. You can refer : https://www.cisco.com/c/m/en_uk/products/security/identity-services-engine/use-case-byod.html

To meet your second requirement of pushing VLAN based on AD group. In the BYOD compliant rule you can add another condition of AD group and push VLAN ID in the authorization profile.