Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
749
Views
5
Helpful
3
Replies

cisco-ISE

Anjana A
Level 1
Level 1

‎07-03-2019 11:56 PM - edited ‎07-05-2021 10:39 AM

Hi Team,

Please confirm whether this set up is  possible through Cisco ISE?

 

WLC (cisco) and access points were locally situated  and the Access points were in local mode.

 

 the wlan interface(corporate) is mapped to management interface.

 

 And the requirement is that  users were getting ip adddress from the correct client vlan.

 

And we are using cisco ise for authentication.

 

 Whether this can be possible through  cisco ISE policy by overriding the wlan inetrface mapping.

 

Please explain how we can do this via ISE and explain the stpes involved.

 

Regards,

Anjana.

Labels:
0 Helpful
3 Replies 3

pieterh
VIP
VIP

‎07-04-2019 12:17 AM

Yes this is possible. follow the steps in this document: Dynamic VLAN Assignment with WLCs based on ISE 

balaji.bandi
Hall of Fame
Hall of Fame

‎07-04-2019 05:05 AM

here is the guide for reference :

 

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99121-vlan-acs-ad-config.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

RaffyLindogan
Spotlight
Spotlight

‎07-04-2019 07:27 PM

Hi mate,

 

This is possible.

The steps below assumes that:

 1. WLC and ISE are communicating via RADIUS (WLC added on ISE under Network Resource and RADIUS enabled)

 2. Depending on your authentication result (you can authenticate user based on locally stored username and password on ISE or via AD, etc..)

 3. WLAN is configured already on WLC and AAA server tab on specific wlan is pointing to ISE

 4. Authentication policy on ISE is configured and conditions on both authentication and authorization are defined

 

 

Steps:

 1. Create authorization profile on ISE under Policy/Results/Authorization/Authorization Profile 

 2. Click Add and on the Comman Tasks/VLAN, specify the vlan

 3. Create authorization policy and use that newly created authorization profile on Authorization Policy/Results.

 

 

Let me know if you need further details.

And by the way, if your focus more is on ISE. you can post the question under Security/ISE on this community. :)

 

Cheers,


Raffy

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card