This does indeed work

Roger Alderman · ‎08-14-2014

Hi All

I am using a 5760 wireless controller running 3.6 code and an ISE appliance running 1.2.1 code.

I have 3 SSIDs configured and I want to be able to differentiate between them in the ISE Profiles.

The only logical way I can see to differentiate between policy sets in ISE is to use the SSIDs.

However, I can't seem to get the policies working using the SSIDs.

I've found a document that states you have to use Radius Called Station ID=*(:SSID)$ but this format either doesn't work or the 5760 isn't sending the SSID in the Radius request.

Does anyone have any knowledge of this?

I know that you can tell a 5508 controller to send the SSID but I can't verify that the 5760 is actually sending it until I can set up some wireshark captures.

Any ideas of how to create separate ISE Policies for the different SSID clients?

Regards

Roger

nspasov · ‎08-15-2014

Please attach a copy of the config

Thank you for rating helpful posts!

Roger Alderman · ‎08-31-2014

This does indeed work (Airespace-Wlan-Id EQUALS <WLAN ID value>) and is what I am currently using as a resolution. My preference is to use a specific SSID but there is a bug that stops it working at the moment. I am using the WLAN Index as the condition for the Policy Sets.

Saurav Lodh · ‎08-22-2014

Please post the Authorization policies over here. Refer

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.html

andrew.chappelle · ‎08-27-2014

Hi Roger,

What's working for me is to use this in each Policy Set:

Airespace-Wlan-Id EQUALS <WLAN ID value>

Seems to work for my site, hope it helps.

Andrew