cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1823
Views
0
Helpful
5
Replies

How to configure limited access to wireless users

We have 9800 wlc and ISE (2.7) in our network and we have posture check policy for wireless user on ISE. 

 

But now we need to configure limited access to non compliance wireless user. 

Is it possible to do it for wireless user ? 

If yes kindly provide way of configuration to provide limited access to non compliance wireless user .

1 Accepted Solution

Accepted Solutions

what kind of posture agent you have intune or any connect ? the same way it works for both (either BYOD or any device, if they not meet posture put them to different VLAN and fix it.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

Hope you looking BYOD device connecting to Wireless right :

 

Look at the below Guide :

 

https://ciscocustomer.lookbookhq.com/iseguidedjourney/ISE-manage-on-my-device-portal

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

No i m looking for employee ssid. 

what kind of posture agent you have intune or any connect ? the same way it works for both (either BYOD or any device, if they not meet posture put them to different VLAN and fix it.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

scenario happend today

one of our VIP user connected to employee SSID.
as soon as he connect anyconnect agent start scanning and it's show scanning result as non complaint.
And according to policy and authorization profile define on ise user was block for network access.
bcoz in authorization profile we had selected permit block.

but that user want limited access (like mail,citrix, ms teams) to his non compliant device.
so question is how we can achieve this in wireless network ?

can we use DACL or Airspace ACL configuration in ISE authorization profile ?....

scenario happend today

one of our VIP user connected to employee SSID.
as soon as he connect anyconnect agent start scanning and it's show scanning result as non complaint.
And according to policy and authorization profile define on ise user was block for network access.
bcoz in authorization profile we had selected permit block.

but that user want limited access (like mail,citrix, ms teams) to his non compliant device.
so question is how we can achieve this in wireless network ?

can we use DACL or Airspace ACL configuration in ISE authorization profile ?