ISE 2.4 to enable 802.1X for Wireless users

ranjit123 · ‎09-20-2018

Hello All,

I am in middle of deploying distributed architecture ISE 2.4 setup .

Customer requirement is wireless domain users who have AD accounts like username and password should be authenticated by ISE and put in relevant groups and those users who do not have domain names should be put in different groups using 802.1x.

I am using Cisco ISE 2.4

can anyone share me some documentation or videos of the same

Jason Kunst · ‎09-20-2018

Please provide more details on what you mean by groups?

Ise doesn’t put users into groups as a concept

You setup an authorization rule saying if dot1x and adgroup:employee the access permissions (like SGT preferred or vlan and or acl)

And another rule can below that can be if dot1x then have different access permissions

So when employees come through then give them one set of permissions (since it’s top down) otherwise they are not and given another set

ranjit123 · ‎09-20-2018

Hello Jason,

Thanks a lot for the reply.

Actually i am able to authenticate wireless 802.1x users through domain name and AD..

Now my requirement is to create 2.4 authorization profile.... as you mentioned below.... for employee group with <----- Domain names and guests with no domain names and provide them with access priviledges according to that..

can you please provide me any document regarding ISE 2.4 to achieve the same

Regards,

Jason Kunst · ‎09-20-2018

Sorry I don’t understand your separation

Won’t what I provided work for you?

If dot1x and ademployee then permissionX
Otherwise PermissionY

You don’t state where your guests identities are stored and I don’t know what domain names means? Please provide more examples

Regardless what I sent for all basic rules should work

I would recommend looking at some videos
http://youtube.com/CiscoISE

Also some guides on 2.3 and dot1x with google search