This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hi,
I am deploying ISE with WLC 7.4. I have two SSID(s) running in my network 1. Corporate & 2. Services. I have a domain setup lets say "AD.com" with 4 groups 1. Corporate, 2. Services, 3. Employees, 4. Contractors.
Here is an example of the scenario that I want:
AD.com Group : Corporate's User : 1. C_USER1
2. C_USER2
3. C_USER3
4. C_USER4
5. C_USER5
AD.com Group : Services's User : 1. S_USER1
2. S_USER2
3. S_USER3
4. S_USER4
5. S_USER5
Now what I want to do is have 802.1x authentication on my Corporate SSID that will check in AD.com, ONLY AND in ONLY corporate group for authentication. That is only C_USER1 to C_USER5 are allowed to connect to it. Users from any other AD group shouldnt be authenticated on this SSID.
The same for the services group & SSID.
Thanks.
Usama
Found the solution on Cisco's URL
http://www.cisco.com/image/gif/paws/115734/ise-policies-ssid-00.pdf
Thanks,