Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1890
Views
15
Helpful
2
Replies

WLC BDRL with AAA from ISE

Go to solution
Scottie_Laforge
Level 1
Level 1

‎03-17-2021 04:31 PM

Hi All,

 

Can I double check that the BDRL advance attribute values that get returned by ISE are now different in the IOS-XE 9800 WLC than previously in AireOS WLCs? 

 

AireOS BDRL with ISE

Aire-Real-Time-Bandwidth-Average-UpStream-Contract = 1024
Aire-Data-Bandwidth-Average-DownStream-Contract = 1024
Aire-Data-Bandwidth-Burst-UpStream-Contract = 2048
Aire-Real-Time-Bandwidth-Burst-DownStream-Contract = 2048
Aire-Real-Time-Bandwidth-Average-DownStream-Contract = 1024
Aire-Real-Time-Bandwidth-Burst-UpStream-Contract = 2048

 

9800 WLC BDRL with ISE

ip:sub-qos-policy-in=<policy name>

ip:sub-qos-policy-out=<policy name>

 

And the <policy name> references the QoS profile locally configured on the WLC?

 

I assume that the old Authorization profiles on ISE for AireOS WLCs will no longer work and new Auth profiles will need to be created for the 9800.

 

Thanks in advance,

SL

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎03-17-2021 07:32 PM

Correct. AireOS and IOS-XE are entirely different types of operation system, so some of the configurations must be done differently. Another example is that C9800 WLC uses Downloadable ACLs rather than Airespace ACLs.

The way I've accommodated this with some deployments was to create a new root level Network Device Group called "WLC OS Type" with child NDGs for "IOS-XE" and "AireOS" then specified these values in my WLC Network Devices.

These values can then be used as matching conditions in Policy Sets and AuthC/AuthZ policies.

View solution in original post

2 Replies 2

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎03-17-2021 07:32 PM

Correct. AireOS and IOS-XE are entirely different types of operation system, so some of the configurations must be done differently. Another example is that C9800 WLC uses Downloadable ACLs rather than Airespace ACLs.

The way I've accommodated this with some deployments was to create a new root level Network Device Group called "WLC OS Type" with child NDGs for "IOS-XE" and "AireOS" then specified these values in my WLC Network Devices.

These values can then be used as matching conditions in Policy Sets and AuthC/AuthZ policies.

Go to solution
Scottie_Laforge
Level 1
Level 1
In response to Greg Gibbs

‎03-18-2021 05:53 AM

Much appreciated. Thanks for the NDG tip I will give that a go.

 

Cheers

Customers Also Viewed These Support Documents