ISE and VLAN Assignment

Hi

We have a WiSM2 (ver 8.2.167.6) providing an 802.1x wireless profile to staff and students. RADIUS is in the form of ISE (ver 2.3.0.298) that uses MS Active Directory as the database. Depending on which AD group a client belongs to will determine which VLAN Tag ISE sends to the WLC, and therefore which VLAN the wireless user is assigned to. This setup works fine.

Problem I have is that on a particularly busy day (hosting a staff conference) we ran out of IP addresses on the Staff VLAN so new users could authenticate to ISE but were unable to get on the network.

The simplest workaround is just to increase the size of the DHCP scope, however I am reluctant to create a very large subnet. The only other way I can think of is to create new AD groups, splitting staff into the groups and getting ISE to use different VLAN tags for each AD group. However we have a lot of staff and the administrative overhead for this approach will not be welcomed by the Server team.

Is there any other way I can split staff onto more than one VLAN using the ISE?

Re: ISE and VLAN Assignment

Use interface groups at the WiSM, then use the Airespace-Interface-Name attribute to tell the WLC which interface-group name to use, rather than the VLAN.

Using interface-groups, the WLC will choose which VLAN to put the client on based on which interfaces are in the interface-group. You could have up to 64 interfaces in an interface-group at the WiSM2, so if you don't like large subnets you could create up to 64 /24 subnets (they can be bigger or smaller though) and add them to one interface-group, then attach that to the WLAN.
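
To confirm from a packet capture or RADIUS debug that ISE now returns an interface-group name instead of a VLAN tag, the attribute section of the Access-Accept can be decoded as below. This is an added example, not part of the original reply; it assumes the VLAN was previously sent as Tunnel-Private-Group-ID (attribute 81) and that Airespace-Interface-Name is vendor type 5 under vendor ID 14179, and the name `staff-group` and the sample bytes are constructed.

```python
import struct

AIRESPACE_VENDOR_ID = 14179      # Airespace (Cisco WLC) enterprise number
AIRESPACE_INTERFACE_NAME = 5     # Airespace-Interface-Name vendor type
VENDOR_SPECIFIC = 26             # RADIUS Vendor-Specific attribute (RFC 2865)
TUNNEL_PRIVATE_GROUP_ID = 81     # carries the VLAN ID or name (RFC 2868)


def encode_interface_name(name: str) -> bytes:
    """Build the Vendor-Specific attribute carrying Airespace-Interface-Name."""
    value = name.encode("ascii")
    sub = struct.pack("!BB", AIRESPACE_INTERFACE_NAME, len(value) + 2) + value
    body = struct.pack("!I", AIRESPACE_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body


def placement(attrs: bytes) -> dict:
    """Walk the attribute TLVs and report how the client will be placed."""
    found = {"vlan": None, "interface_name": None}
    pos = 0
    while pos + 2 <= len(attrs):
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError(f"malformed attribute at offset {pos}")
        value = attrs[pos + 2:pos + a_len]
        if a_type == TUNNEL_PRIVATE_GROUP_ID:
            # An optional leading tag byte (0x00-0x1F) precedes the string.
            if value and value[0] <= 0x1F:
                value = value[1:]
            found["vlan"] = value.decode("ascii")
        elif a_type == VENDOR_SPECIFIC and len(value) >= 6:
            # Only the first vendor sub-attribute is inspected here.
            (vendor,) = struct.unpack("!I", value[:4])
            v_type, v_len = value[4], value[5]
            if vendor == AIRESPACE_VENDOR_ID and v_type == AIRESPACE_INTERFACE_NAME:
                found["interface_name"] = value[6:4 + v_len].decode("ascii")
        pos += a_len
    return found


# Constructed samples: the attribute section of two Access-Accept packets.
BY_VLAN = bytes([81, 6, 0x01]) + b"110"           # tagged Tunnel-Private-Group-ID
BY_GROUP = encode_interface_name("staff-group")   # hypothetical interface-group name

if __name__ == "__main__":
    print(placement(BY_VLAN))
    print(placement(BY_GROUP))
```
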

Re: ISE and VLAN Assignment

Hi

Sorry for the delayed response, been on holiday. Yes this has proved to be the solution, so thank you for taking the time to respond.

Regards

Terry