cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
433
Views
0
Helpful
3
Replies
Beginner

802.1x Authentication FlexConnect APs on wlc with ISE 2.3 Configuration?

hi everyone, I want to know if ISE support flex connect AP? My ISE release is 2.3. The authentication method is 802.1X, when connecting flexconnect AP on ise2.3 ,some users is authorized to be accessed, and ACL is configured on ISE to achieve partial user access, but the ACL policy configuration is not effective; when I modify the AP mode to local ap, it will take effect. what can i do to find out the problem? thank you
3 REPLIES 3
Highlighted
Beginner

Re: 802.1x Authentication FlexConnect APs on wlc with ISE 2.3 Configuration?

One option you can use with Flex APs is the "authentication host-mode multi-host". In this scenario only the first MAC address on the port (the AP) will be authenticated, all other MAC addresses (your flex clients) will not be subject to authentication. The controller should be authenticating the flex wireless clients, not the switch. 

There is no specific, "built-in" support in ISE for Flex APs. As with any other devices that connect to the switch ports, there are several options to make them work on the network or to block them

Have a look at this document from Cisco, it goes through potential solutions to your issue.

Beginner

Re: 802.1x Authentication FlexConnect APs on wlc with ISE 2.3 Configuration?

hi agrissimanis,

Thank you very much!
Participant

Re: 802.1x Authentication FlexConnect APs on wlc with ISE 2.3 Configuration?

Hi,

It was discussed before:

https://supportforums.cisco.com/t5/aaa-identity-and-nac/flexconnect-ap-ise-and-neat/m-p/3302383#M67117

 

Doesn't seem to work as intended.

 

Thanks,

Octavian