02-21-2023 11:25 PM
Hi All
Based on the following : https://www.youtube.com/watch?v=iAKyIHFqbgE&t=3067s&ab_channel=CiscoISE-IdentityServicesEngine :
Is it possible we do "Dynamic VLAN assigment" for WIndows 10 devices Managed by Intune (Hybrid Joined) ? example : HR ppl login to onpremies wired LAN and get assigned to VLAN 10 only . similarly do segmentation based on Azure AD groups
Solved! Go to Solution.
02-22-2023 04:35 AM - edited 02-22-2023 04:38 AM
Sure, Dynamic VLAN assignment can be configured in the Authorization Profile. Though, I'd encourage you to read this thread describing the issues with dynamic VLAN assignment: https://community.cisco.com/t5/network-access-control/endpoints-getting-ip-from-switchport-vlan-before-ise-changes/td-p/4779903
Segmentation based on Azure AD Groups can be done using ISE 3.2 and EAP-TLS.
02-22-2023 04:35 AM - edited 02-22-2023 04:38 AM
Sure, Dynamic VLAN assignment can be configured in the Authorization Profile. Though, I'd encourage you to read this thread describing the issues with dynamic VLAN assignment: https://community.cisco.com/t5/network-access-control/endpoints-getting-ip-from-switchport-vlan-before-ise-changes/td-p/4779903
Segmentation based on Azure AD Groups can be done using ISE 3.2 and EAP-TLS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide