Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


WLC RADIUS attribute with Cisco ISE

Hi All,

Does anyone get the same result as me when integrating Cisco ISE with Wireless LAN Controller ?

My Authentication Policy :

     Name: IsGuestAuthen

     IF "WLC_Authentication" THEN "Default Network Access" > "Internal Users"

My Authorization Policy :

     Name: IsGuestAuthen

     IF "Guest" THEN "InternetOnly"

When I monitoring on the Live Authentication page, I can see only the MAC address and a guest account that authenticated. I cannot see the IP address of the guest client. Do you get the same result as me ?

Please advise on how to get the IP address of the guest client to show on the Live Authentication Page.


Pongsatorn Maneesud

Tarik Admani


You want the mac address to come through in the access-request because of the radius probe feature. If you change the calling station id to the ip address then you lose the ability to validate the endpoint the client is authenticating through.

However you should be able to go the endpoint database and see the ip address that it was assigned via dhcp.


Tarik Admani
*Please rate helpful posts*


Can I show both of them in the Live Authentication ?

As I understand, this is the limitation of WLC RADIUS attribute "Frame-IP-Address". Am I right ?

It would be useful if we can see in the same screen due to the correlation information.


Pongsatorn Maneesud is the list of attributes sent in the access-request from the wlc -

The framed ip address is sent in the accounting packet which doesnt appear in the live authentication report.

If you are up to speed on rest api's here is some reference material on this:

You can also run radius accounting report and filter it based off of account-start packets which will have the username and the ip address along with the mac address.


Tarik Admani
*Please rate helpful posts*

I have the same problem. Also want to see the guest ip address in the live authentication. We need the correlation between MAC-USER-IP for legal reasons. Was hoping that ISE could solve this, but apparently it can't.

HI gnijs,

Any updated regarding your post. I need the same information from ISE.



Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube