cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
318
Views
5
Helpful
4
Replies
Highlighted
Beginner

WLC - Dynamic VLAN assigment failed authentication to a VLAN

Hello All ,

 

While Configuring Dynamic VLAN assignment on WLC  , is there any option like in wired 802.1X , that failed clients drop in a specified VLAN . Not able to find any such option in case of wireless ?  If we want to put failed authenticated clients is a specified VLAN .

 

Thanks in anticipation.

 

Adnan

4 REPLIES 4
Highlighted
Beginner

I am not sure what you mean in the question.

 

If the SSID is setup for 802.1x authentication against a radius server then you would just have a rule that says if the client does not match any known Identity sources then place it in vlan "X". This way the wireless client will pass authentication and be placed in the VLAN you specified.

 

If the radius server does not have an identity source and you have told it to respond as a failed request then the WLC will see this as a failure and de-authenticate the client. 

 

To answer your question, no you cannot have the WLC respond purely on its own to a failed 802.1x request and place the client in a different vlan, it has to come from the radius server.

 

Regards

Highlighted
Contributor

"is there any option like in wired 802.1X", I think you meant Wireless 802.1X.

there are many ways of doing it, I have attached one example

 

I have not tested it with a client, but it you try let us know if it worked

-Rate helpful posts-
Highlighted

Thanks ammahend ..

 

Surely this seems to be thing We were looking for . But what application is this ?  We are using MS NPS ... Don't thing NPS has this sort of option ...

Highlighted

Its Cisco's Identity Services Engine (ISE), you can learn more here. it is available as an OVA for free for 90 days for 100 devices, if you want to try.

https://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html

 

 

-Rate helpful posts-
Content for Community-Ad

This widget could not be displayed.