
NAD AP

creserva1
Level 1

When a client connects to our wireless networks, the endpoint shows up under Context Endpoints on ISE. Since we only have one controller but we have multiple remote offices and we are using FlexConnect, for everyone who gets profiled the network device is the WLC.

My question is: how can I set up ISE so that when someone connects to AP1 at a remote office, it will show up as AP1 instead of the WLC? Thanks

Accepted Solutions

In the WLC, under RADIUS Authentication -> Auth Called Station ID Type, there are various options like AP name / AP group / AP name:SSID. If you set that, the NAD will also send the AP details in the RADIUS packet to ISE.

Once it is enabled, you can see the AP name details under Context Visibility as SSID/Called Station ID.

Also, you can create a new Context Visibility report like SSID and call all the Auth attributes, so that you can filter the endpoints based on AP name under the SSID column.

You can't make the AP name appear under Network Device. Rather than that, you can create an attribute like Radius: Called-Station-ID starts with <AP-name> (example: LONUKAP) and you can call that in an Authorization policy. Then you can filter based on authorization policy in RADIUS live sessions. Likewise, you can create as many authorization policies as needed based on remote locations.

 

-Aravind
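
An added example, not part of the original reply and not Cisco code: a Python sketch of the "Called-Station-ID starts with <AP-name>" matching described above, run over constructed RADIUS session records that all arrive from one WLC. The NYCUSAP prefix, the site names, and the IP and MAC values are assumptions made up for illustration; only LONUKAP appears in the thread.

```python
import re
from collections import defaultdict

# Assumption: hypothetical AP naming convention (prefix -> remote office).
SITE_PREFIXES = {"LONUKAP": "London", "NYCUSAP": "New York"}
NO_AP_NAME = "unmapped (AP MAC sent, not AP name)"
NO_RULE = "unmapped (no prefix rule)"

# A MAC with one consistent separator, followed by ":SSID" or end of string.
MAC_RE = re.compile(
    r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}(?=:|$)")

def parse_called_station_id(value):
    """Return (kind, identifier, ssid) for a Called-Station-Id value."""
    value = value.strip()
    m = MAC_RE.match(value)
    if m:  # WLC is still sending the AP MAC instead of the AP name
        rest = value[m.end():]
        return ("mac", m.group(0).lower(), rest[1:] or None)
    ap, sep, ssid = value.partition(":")  # "AP name" or "AP name:SSID"
    return ("ap-name", ap, ssid if sep else None)

def site_for(called_station_id):
    """Mimic one 'starts with <AP-name>' rule per remote location."""
    kind, ident, _ssid = parse_called_station_id(called_station_id)
    if kind == "mac":
        return NO_AP_NAME
    for prefix, site in SITE_PREFIXES.items():
        if ident.startswith(prefix):
            return site
    return NO_RULE

def endpoints_by_site(sessions):
    """Group client MACs (Calling-Station-Id) by the site of the serving AP."""
    out = defaultdict(set)
    for _nas_ip, called, calling in sessions:
        out[site_for(called)].add(calling)
    return {site: sorted(macs) for site, macs in out.items()}

# Constructed sample: (NAS-IP-Address, Called-Station-Id, Calling-Station-Id).
# Every request has the same NAS-IP-Address because the WLC is the NAD.
SAMPLE_SESSIONS = [
    ("10.0.0.5", "LONUKAP01:Corp", "aa-aa-aa-00-00-01"),
    ("10.0.0.5", "LONUKAP02:Corp", "aa-aa-aa-00-00-02"),
    ("10.0.0.5", "NYCUSAP07:Guest", "aa-aa-aa-00-00-03"),
    ("10.0.0.5", "00-1a-2b-3c-4d-5e:Corp", "aa-aa-aa-00-00-04"),
]

if __name__ == "__main__":
    for site, macs in endpoints_by_site(SAMPLE_SESSIONS).items():
        print(site, macs)
```

The last sample record shows what a session looks like when the Called Station ID type has not been switched to an AP-name option: no prefix rule can match it.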


3 Replies

There is one AP right now that shows up in Context Visibility. I don't understand why and how it just suddenly showed up.

I did get this message about an unknown NAD, and this is not our WLC. So I started adding the AP to the NAD devices on ISE, but it has not shown up yet.

 


The RADIUS flow will be like Endpoint > AP > WLC > ISE. The WLC is the one which forwards the AAA request to ISE, hence there is no meaning in adding the AP under Network Device.

-Aravind