Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


ISE question - per wlan radius methods

I just ran into this, and have not yet scoured the forums, or the docs.

we have ISE authenticating our internal wlan. We do not have LEAP enabled as an accepted protocol, and have no plans of enabling it.

however, we do have scanners and printers in use in our warehouses, between 500-600 total, that are using LEAP. I do not know the capabilities of these devices, but reconfiguring them to use PEAP would be a nightmare. These devices are used on a separate wlan with mac filtering.


my  question is:

within ISE, can I set up a radius method that includes LEAP, that will only authenticate on this wlan, and continue to use our current (which does not include LEAP) for our internal wlan? Just different methods, per wlan. I know the policy flow would have to match the wlan, then call the appropriate method.


If anyone knows offhand if this is possible, I will do the research and figure it out. I'm just wondering if this can be done. Again, just ran into this and trying to figure out something, because I do not want to accept LEAP on our internal wlan.

Thanks - chris


Rising star

Certainly, if your LEAP devices are on another wlan than your internal users/devices, this can be done. You can decide what eap protocols to allow in your authentication policy rules, ex. match the ssid and then select an Allowed Protocol defnition where LEAP is the only allowed protocol.

very good, thanks Jan. That's really all I needed to know, so I didn't spend a whole bunch of time looking into it if it couldn't be done. I'll get to researching and digging through the docs.


thanks again, I appreciate it.



Content for Community-Ad