cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1202
Views
3
Helpful
4
Replies

[ISE or ACS] EAP-TLS or profiling only on same SSID

Patrick Tran
Level 1
Level 1

Hi,

I can configure only one SSID on which 2 types of devices have to connect:

  • Devices with certificates connect on this SSID using EAP-TLS
  • Devices without certificates that ISE profiles (or ACS checks their MAC Addresses)

Could this work?

How can I configure this type of SSID on WLC?

  • 802.1X works
  • 802.1X+MacFiltering Works.
  • I didnt succeed to configure 802.1X OR MAC Filtering...

 

Thanks for your help,

Patrick

 

 

1 Accepted Solution

Accepted Solutions

nspasov
Cisco Employee
Cisco Employee

Hello Patrick-

Unfortunately, I don't believe this is currently possible in the Cisco wireless world with a single SSID. For your example, you will need two separate SSIDs. Something similar has been asked before:

https://supportforums.cisco.com/discussion/11941331/isewireless-nacone-ssid-mab-and-dot1x

Hope this helps!

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!

View solution in original post

4 Replies 4

Saurav Lodh
Level 7
Level 7

Have you checked the BYOD guide below? Refer the Authentication rules

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_ISE.html

Thanks for your answer.

Devices without certificates are not a smartphone but a specific device that cant receive a certificat from ISE.

My use case is not possible (answer from my Cisco support) so I will close this topic.

Hi Patrick, 

Yes, that´s possible, You can use MAB for devices that cannot handle certificates on the same SSID. 

 

 

nspasov
Cisco Employee
Cisco Employee

Hello Patrick-

Unfortunately, I don't believe this is currently possible in the Cisco wireless world with a single SSID. For your example, you will need two separate SSIDs. Something similar has been asked before:

https://supportforums.cisco.com/discussion/11941331/isewireless-nacone-ssid-mab-and-dot1x

Hope this helps!

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!