cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
978
Views
0
Helpful
1
Replies

Access Point AAA authentication using ISE

martaylor
Level 1
Level 1

Hi

On a WLAN network for one of our customers we only allow APs to connect if they authorise against a AAA radius server using the mac address of the AP ethernet interface as the username and password. Currently we do this using an ACS as the AAA radius server.

We have a company wide password policy that wont change, that states all passwords need to be alpha numeric

Some new APs have been delivered and installed have the mac address that is numeric only

We also have an ISE for WLAN user authentication & authorisation.

Has anyone set up the ISE to act as the AAA radius server for AP authorisation and if so do you have any examples of the config used on the ISE

Could you also let me know what ISE licenses are needed to allow an AP to authenticate against an ISE.

Thanks

Martyn

1 Reply 1

HI

Enable RADIUS Change of Authorization (CoA) ... Enables ISE to act as a AAA server when interacting with the client at IP address 10.0.56.17. RADIUS Servers Configuration. Configure the switch to interoperate with Cisco ISE acting as the RADIUS source server.

Check the below threads for configuration examples.

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.html

https://supportforums.cisco.com/discussion/11665651/cisco-ise-external-radius-server

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: