cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
907
Views
5
Helpful
8
Replies

ISE wireless with HP core switch

Hi all,

We are planning to implement ISE for Wireless users. Our core switch is HP and our WLC is 5500.

I would like to know if we need to change our core switch so that we can use ISE or there is no need to change it.

 

 

2 Accepted Solutions

Accepted Solutions

M. Wisely
Level 4
Level 4

There's no need to change switches, we use HP switches to provide power and connectivity to our APs and controllers and it works well. The only thing I'd suggest is on your controller and APs, disable CDP as it's not much use with non Cisco switches.

View solution in original post

All you need to configure on an interface connecting to a WLC is to trunk your vlans.

View solution in original post

8 Replies 8

switch access to which APs are connected are also HP. do we need to change them to Cisco or supported switch?

M. Wisely
Level 4
Level 4

There's no need to change switches, we use HP switches to provide power and connectivity to our APs and controllers and it works well. The only thing I'd suggest is on your controller and APs, disable CDP as it's not much use with non Cisco switches.

Hi Martin,

 

Thanks a lot for your reply.

So there is no configuration to do on the access/core switch in the interface connected to the WLC/AP?

All you need to configure on an interface connecting to a WLC is to trunk your vlans.

Ok, Thank you very much Martin.

We will try to configure the ISE for wireless and maybe will ask for your reply later :).

 

Thanks again

Hi Martin,

I would like to ask you a question about the design.
Let's say that we have 2 user groups
- 1 for empoyee, they can use their iphone/ipad or the company computer
- 1 for guest

I would like to know how many SSID should we create and how many VLAN.
Do we need a VLAN for quarantaine user? different vlan for user before and after authentication? different vlan for ipad/iphone and for computer?

 

Thanks and Best Regards

 

You'd need 2 separate SSIDs as the access method will be different for each, e.g:

Employee - WPA2 and 802.1x

Guest - Webauth

You don't have to have a quarantine, we do but it's not essential.

For your employee WLAN you could have just one VLAN or you could have multiple. We started off with just one for our employee WLAN but now we've got several on each WLC (laptops, medical devices, etc.). I would suggest starting off simple with one.

Your employee WLAN clients won't get an address until after they authenticate so you don't need a VLAN before then.

 

Thanks a lot for all your help Martin, we extremely appreciate.

How to proceed if we would to apply different authorization for employee users?

For now, we have wired users but will not be authenticated/authorized by ISE.
But wired and wireless users  will belong to the same service.

Should we put wireless users (who use ISE) to different vlan than wired users (who do not use ISE) or can we put them in the same vlan?

 

Thanks and Best Regards