Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
302
Views
3
Helpful
3
Replies

Just looking for good documentation to learn about VLAN Assignment.

Go to solution
jmilay
Beginner
Beginner

‎04-18-2018 11:17 AM

Can someone lead me to good articles in relation to understanding/configuring VLAN assignment?  i.e. one SSID assigning vlan based on AD group and/or network location?

1 Accepted Solution

Accepted Solutions

Go to solution
paul
Advocate
Advocate

‎04-18-2018 12:52 PM

Not sure if you will find specific documentation on this, but the only thing you need to add to your authorization profiles is a VLAN assignment.  Then the rest is just crafting your authorization rules to apply the correct authorization profile that has the VLAN you want assigned.

If you are doing centralized wireless, i.e. not FlexConnect, as long as the WLC has an interface on the VLAN assigned from ISE the user will get moved to that VLAN. 

In FlexConnect it gets a bit tricker.  If the VLAN is in use by another SSID then there is no problem assigning the VLAN to a FlexConnect client.  If the VLAN isn't used by any WLAN then you first have to "push" the VLAN information out the the FlexConnect AP.  The way I have done that in the past is using the AAA VLAN-ACL mapping tab in your FlexConnect group.  Add whatever VLANs you need there and assign "none" as the ingress and egress ACL.  That will make the AP aware of the VLAN and allow the VLAN assignment in ISE to work.

View solution in original post

3 Replies 3

Go to solution
paul
Advocate
Advocate

‎04-18-2018 12:52 PM

Not sure if you will find specific documentation on this, but the only thing you need to add to your authorization profiles is a VLAN assignment.  Then the rest is just crafting your authorization rules to apply the correct authorization profile that has the VLAN you want assigned.

If you are doing centralized wireless, i.e. not FlexConnect, as long as the WLC has an interface on the VLAN assigned from ISE the user will get moved to that VLAN. 

In FlexConnect it gets a bit tricker.  If the VLAN is in use by another SSID then there is no problem assigning the VLAN to a FlexConnect client.  If the VLAN isn't used by any WLAN then you first have to "push" the VLAN information out the the FlexConnect AP.  The way I have done that in the past is using the AAA VLAN-ACL mapping tab in your FlexConnect group.  Add whatever VLANs you need there and assign "none" as the ingress and egress ACL.  That will make the AP aware of the VLAN and allow the VLAN assignment in ISE to work.

Go to solution
jmilay
Beginner
Beginner
In response to paul

‎04-19-2018 06:10 AM

Thank you for the information.  This will definitely get me headed in the right direction.

0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎04-19-2018 04:32 AM

ISE Config guide should help you with how to create authorization profile with VLAN based assignment

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents