Integrating Management Login for WLC's Through ISE Radius with AD

Dan Man · ‎06-04-2014

Does anyone have any good documentation on how to integrate management login, for all WLC's through the ISE appliance, using RADIUS? I'm currently doing that through ACS, but can't find any documentation on how to do that through the ISE. Any help would be appreciated. Thanks!

__Beth__ · ‎06-06-2014

I was having this problem as well. The trick for me was creating an authentication rule to check AD. I am not sure it's the best method so if anyone has any other ideas, I would appreciate hearing them. Check my attachment for the auth rule that worked for me.

Bernardino Tellez · ‎06-06-2014

There is no documentation regarding this use case. Below is an snapshot of a policy set I've created for managing network devices via CLI. If you have ISE 1.2 is always better to create different policy sets to separate your device management policy from your network device policy

.

__Beth__ · ‎06-06-2014

Thank you for your post. I am only seeing a black box with an X in it. Can you please try to post the snapshot again?

Bernardino Tellez · ‎06-06-2014

__Beth__ · ‎06-06-2014

Thank you! :)

Jatin Katyal · ‎06-06-2014

On Cisco ISE:

1. Create an authorization profile that pushes the correct cisco-avpair

Policy > Policy Elements > Results > Authorization > Authorization Profiles

Under Advanced attribute settings, Radius:Service-Type = Administrative

2. Assign the authorization profile to an authorization policy

Regards,

Jatin Katyal

** Do rate helpful posts **

~Jatin

Trent Hurt · ‎06-17-2014

Here is great guide I used with screenshots

http://mrncciew.com/2014/05/11/wlc-access-via-radius-ise/

Peter Koltl · ‎08-31-2014

Integrating Management Login for WLC's Through ISE Radius with AD

Using Cisco ISE as a generic RADIUS server