cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
521
Views
0
Helpful
2
Replies

ISE and Selfservice with single SSID

andreas
Level 1
Level 1

Hi, i have:

WLAN 2504 Controller with 7.2 Software

ISE 1.1.2

A single SSID with 802.1x Authentication

Today the wireless users are authenticated against an cisco acs. I want to switch to the ISE and make use of the mydevices portal. I want to re-use my single SSID and don't want to make any provisioning.

- The user connects to the single SSID

- The user configures peap authentication on his device

- The user authenticates to a ldap directory with username and password

- After successfull authentication the user will be redirected to the mydevices portal

- he logs in with his ldap credentials

- the mac address of his current device is listed in the mydevice portal

- user adds his device to the known devices list

- manual reconnect to my ssid

Is this possible with ISE? Is there a howto out there with exact this scenario?

Kind regards

2 Replies 2

askhuran
Level 1
Level 1

Hello Andreas,

WLC 2504 supports CWA, CoA & dACL.

This wireless controller also supports MAC filtering with RADIUS lookup. For WLCs that support version 7.2.103.0, there is support for session ID and COA with MAC filtering so it is more MAB-like. So it should fulfill your requirement and you can use single SSID.

For more detailed help review “Universal WLC Configuration Guide” & “ISE 1.1.x Network Component Compatibility” at the following location:

http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_11_universal_wlc_config.pdf

http://www.cisco.com/en/US/partner/docs/security/ise/1.1.1/compatibility/ise_sdt.html

Regards,

Ashok

ok, i tried to configure that. but i can't get it to work.

Authentication: ok, tested that with internal identity store

Authorization: ok, unknown devices will be forwarded

But: I always get forwarded to the guestportal. Is that correct? I want to get forwarded to the mydevices portal with my MAC address prefilled in the Device ID field.

I haven't found any guide to configure a single ssid solution without profiling / provisioning and the mydevices portal.

I think my fault is somewhere under Policy / Policy Elements / Results in the custom Authorization Profile. But i am not sure.