cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
518
Views
0
Helpful
3
Replies

ISE 2.1 limited support with WLC 4400 on AAA and Guest service

Tai Eric
Level 1
Level 1

According to Cisco document " Cisco Identity Services Engine Network Component Compatibility, Release 2.1" , it stated that limited support with Cisco WLC 4400 on feature of AAA and Guest service but it doesn't provide any detailed information of what is the supported feature and unsupported feauture on WLC 4400 AAA and Guest services.

Anyone know the detail of supported feature and unsupported feauture on WLC 4400 AAA and Guest services

Regards,

Eric 

 

 

1 Accepted Solution

Accepted Solutions

nspasov
Cisco Employee
Cisco Employee

Hi Eric-

If memory serves me right, 7.0 is the latest version of code that the 4400 controllers can run. This is a problem because CoA (Change of Authorization) was added to the WCL platform in version 7.2. Many of the advanced/cool features of ISE depend on CoA: CWA (Central Web Authentication), Posture, BYOD are just a few to mention. Here is a quick summary of features and support:

Scenarios                      WLC 7.0            7.2
802.1X Auth                     Yes               Yes
802.1X + Posture                Yes               Yes
802.1X + Profiling              Yes               Yes
Web Auth + Posture              No                Yes
Web Auth + Profiling            Inventory only    Yes
Central Web Auth(CWA)           No                Yes
Local Web Auth(LWA)             Yes               Yes

So with regards to guest, you will only be able to run LWA (Local Web Authentication).

With that said, ISE 2.1 introduced additional support for devices that do not support CoA. One of those features is the DHCP/DNS services with an Auth VLAN. This feature allows those advanced features (CWA, Posture, etc) to be supported on devices such as the 4400s to support. For more information on that you can check ISE's Admin Guide:
http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01000.html

I hope this helps!

Thank you for rating helpful posts!

View solution in original post

3 Replies 3

nspasov
Cisco Employee
Cisco Employee

Hi Eric-

If memory serves me right, 7.0 is the latest version of code that the 4400 controllers can run. This is a problem because CoA (Change of Authorization) was added to the WCL platform in version 7.2. Many of the advanced/cool features of ISE depend on CoA: CWA (Central Web Authentication), Posture, BYOD are just a few to mention. Here is a quick summary of features and support:

Scenarios                      WLC 7.0            7.2
802.1X Auth                     Yes               Yes
802.1X + Posture                Yes               Yes
802.1X + Profiling              Yes               Yes
Web Auth + Posture              No                Yes
Web Auth + Profiling            Inventory only    Yes
Central Web Auth(CWA)           No                Yes
Local Web Auth(LWA)             Yes               Yes

So with regards to guest, you will only be able to run LWA (Local Web Authentication).

With that said, ISE 2.1 introduced additional support for devices that do not support CoA. One of those features is the DHCP/DNS services with an Auth VLAN. This feature allows those advanced features (CWA, Posture, etc) to be supported on devices such as the 4400s to support. For more information on that you can check ISE's Admin Guide:
http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_01000.html

I hope this helps!

Thank you for rating helpful posts!

Hi Neno Spasov,

  Thanks for the information, it did help a lots.

Regards,

Eric Tai

You are welcome Eric! Glad I was able to help! :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: