cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

185
Views
0
Helpful
1
Replies
Highlighted
Beginner

WLAN's & Active Directory Groups

Hi all,

I'm looking for a way to authenticate users to different WLAN's using Active Directory. I currently have a single WLAN that users connect to and authenticate using their AD credentials. What I want to do is stand up a new, more tied down WLAN that a subset of these users can also connect to. 

What is the best way to achieve this?

Many thanks

Everyone's tags (5)
1 REPLY 1
Highlighted
Beginner

You could use "Airespace

You could use "Airespace:Airespace-Wlan-Id EQUALS <YOUR WLAN ID FROM WLC>" condition to catch the specific WLAN and then "MYDOMAIN:ExternalGroups EQUALS mydomain.com/<SOME SPECIAL AD GROUP>" to allow only that particular AD group.

You just need to keep in mind that if you have this new rule above the existing rule for the other WLAN, you will still allow all AD users to access your restricted WLAN, because there are no conditions that restrict the original rule.