cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

273
Views
0
Helpful
2
Replies
Highlighted
Participant

ISE question - per wlan radius methods

I just ran into this, and have not yet scoured the forums, or the docs.

we have ISE authenticating our internal wlan. We do not have LEAP enabled as an accepted protocol, and have no plans of enabling it.

however, we do have scanners and printers in use in our warehouses, between 500-600 total, that are using LEAP. I do not know the capabilities of these devices, but reconfiguring them to use PEAP would be a nightmare. These devices are used on a separate wlan with mac filtering.

 

my  question is:

within ISE, can I set up a radius method that includes LEAP, that will only authenticate on this wlan, and continue to use our current (which does not include LEAP) for our internal wlan? Just different methods, per wlan. I know the policy flow would have to match the wlan, then call the appropriate method.

 

If anyone knows offhand if this is possible, I will do the research and figure it out. I'm just wondering if this can be done. Again, just ran into this and trying to figure out something, because I do not want to accept LEAP on our internal wlan.

Thanks - chris

 

2 REPLIES 2
Highlighted
Rising star

Re: ISE question - per wlan radius methods

Certainly, if your LEAP devices are on another wlan than your internal users/devices, this can be done. You can decide what eap protocols to allow in your authentication policy rules, ex. match the ssid and then select an Allowed Protocol defnition where LEAP is the only allowed protocol.
Highlighted
Participant

Re: ISE question - per wlan radius methods

very good, thanks Jan. That's really all I needed to know, so I didn't spend a whole bunch of time looking into it if it couldn't be done. I'll get to researching and digging through the docs.

 

thanks again, I appreciate it.

Chris