
Posture Assessment with APs in FlexConnect Local Switching Mode

emre.aydin1
Level 1

Hi folks,

One of my customers is planning to deploy ISE to implement 802.1x and posture assessment with an agent. They have 9800 WLCs in the datacenter, which manage APs in a number of locations. If the APs worked in local (tunnel) mode through the WLC, posture assessment would be easy, because the WLC would be managing everything. However, the APs are working in FlexConnect Local Switching mode. Is there a way to do posture assessment in this scenario without needing anything else? If yes, who handles authentication, authorization and CoA sessions? Is it the AP? If it is the AP, then is the AP's model important?

 

Thanks in advance

4 Replies

You can use central authentication.

This makes the AP do local switching with central authc.

For CoA I will check, but I think it works with central authc.

MHM

"Flexconnect Local Switching Access Points Only

What if you have Flexconnect local switching access points and WLANs? The previous sections are still valid. However, you need an extra step in order to push the redirect ACL to the APs in advance."

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html#toc-hId-814074466

MHM

emre.aydin1
Level 1

Thank you @MHM Cisco World for the answer.

I am wondering about posture flow handling after provisioning the client for the agent. Is that managed only by the WLC regardless of AP model (2702, 2802, 9115 in my deployment) in FlexConnect mode? I am worried about whether posture state changes, the CoA process, authentication and authorization can be sent to and applied at the remote site, and about the AP's inadequacy in a situation that it must handle.

Add a new SSID for testing, apply the steps I shared in the link, and check posture.

I do think it will work.

Please update me 

Thanks 

MHM