Solved: Hi Jan,Thanks for the reply.

Zohaib Hussain · ‎03-25-2014

I've one SSID used for both Head Office users and branch users. The problem is that branch users are using flexconnect. All the branch users are using vlan 10 as pre authC and vlan 20 after authenctication. But H.O. users are using vlan 50 to connect. Now i've make the AuthZ policy to match wlan-id and wireless 802.1x.

The question is that how i'll make the H.O. users to match different AuthZ policy and branch users with other AuthZ policy since i need to return different vlan for them.

Thanks and Regards,

Zohaib

jan.nielsen · ‎03-25-2014

If you use AP groups on your controller, you can set different NAS-IDs for each AP Group on the controller, and that attribute will be sent to ISE so you can create two different authz rules for the two ap groups.

View solution in original post

jan.nielsen · ‎03-25-2014

If you use AP groups on your controller, you can set different NAS-IDs for each AP Group on the controller, and that attribute will be sent to ISE so you can create two different authz rules for the two ap groups.

Zohaib Hussain · ‎03-25-2014

Hi Jan,

Thanks for the reply. I just want to know if there is any other way to identify the users in the policy since im using only default group and the network in operational. Shifting these AP to a new group will be difficult. Is there a way to put NAS-ID on flexconnect group?

ISE 1.2 and WLC 7.6.100.0 Flex Config