Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
1
Helpful
2
Replies

Cisco ISE dynamic assign vlan for MAC in specific WiFi group of device

JSNascimento
Level 1
Level 1

‎01-31-2024 12:38 PM

Hello!

I have a WiFi network with Cisco WLC 5520 running well connecting with Cisco ISE 3.0 integrated with Microsoft AD.

But I want to implement another layer in the authentication fluxe to permit that all MACs should be verified if are part of a specific group. If this MACs are in the specific group these will receive a different and specific vlan.

Can anyone here give tips or indicate a document with instructions for this?

0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎01-31-2024 12:50 PM - edited ‎01-31-2024 01:00 PM

there are two attribute help here 
calling station ID <<- this MAC of Wifi user and you can use it as condition to specify  the VLAN 
called station ID 

MHM

0 Helpful

Haydn Andrews
VIP Alumni
VIP Alumni

‎01-31-2024 01:08 PM

Why, management of adding the MACs to a group is a pain. Then there is muliple operating systems starting to use randomise MAC address. Your setting yourself up for an admin nightmare.

You would be better doing EAP-TEAP authentication and verify the machine certificate and then user certificate/ PEAP for the user authentication.

That being said you can do it

WLAN: SSID 802.1x

ISE policy 802.1x, then in the Authz policy have line like if user in group A and calling station ID in endpoint group A return VLAN A

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card