Solved: Cisco ISE profiling - Split Corporate/Guest access

KevinMuller · ‎05-02-2014

Hello all,

I currently deploying a Cisco ISE for my wireless network and I would like to split my WLAN in two different "authorization profile" : Guest and Corporate.

For the moment, I use my active Directory to authenticate users and profiling to authorize device with the hostname. I would like to classify by domain name with DHCP probe but I can't because there is alway a DHCP message response with the domain name given by the DHCP server, do you have a solution to separate device with domain name or with other attributes ?

Thanks in advance for your answer!

Saurav Lodh · ‎05-02-2014

you can create different authorization profile based on the identity group they belong to , therefore , make two profiles based on two Identity group ( guest/ corporate AD users ) and assign them different access. refer ISE 1.2 config guide.

View solution in original post

Saurav Lodh · ‎05-02-2014

you can create different authorization profile based on the identity group they belong to , therefore , make two profiles based on two Identity group ( guest/ corporate AD users ) and assign them different access. refer ISE 1.2 config guide.

KevinMuller · ‎05-02-2014

Thanks for your answer salodh,

I've already done two authorization profiles (Guest and corporate) based on rule using Active Directory and profiling condition but I would more profiling conditions (not only hostname) to split clearly corporate and guest devices.