07-03-2019 11:56 PM - edited 07-05-2021 10:39 AM
Hi Team,
Please confirm whether this setup is possible through Cisco ISE.
The WLC (Cisco) and access points were locally situated and the access points were in local mode.
The WLAN interface (corporate) is mapped to the management interface.
And the requirement is that users were getting an IP address from the correct client VLAN.
And we are using Cisco ISE for authentication.
Can this be possible through a Cisco ISE policy by overriding the WLAN interface mapping?
Please explain how we can do this via ISE and explain the steps involved.
Regards,
Anjana.
07-04-2019 12:17 AM
Yes, this is possible. Follow the steps in this document: Dynamic VLAN Assignment with WLCs based on ISE
07-04-2019 05:05 AM
Here is the guide for reference:
07-04-2019 07:27 PM
Hi mate,
This is possible.
The steps below assume that:
1. WLC and ISE are communicating via RADIUS (WLC added on ISE under Network Resource and RADIUS enabled)
2. Depending on your authentication result (you can authenticate user based on locally stored username and password on ISE or via AD, etc..)
3. WLAN is configured already on WLC and AAA server tab on specific wlan is pointing to ISE
4. Authentication policy on ISE is configured and conditions on both authentication and authorization are defined
Steps:
1. Create authorization profile on ISE under Policy/Results/Authorization/Authorization Profile
2. Click Add and, under Common Tasks/VLAN, specify the VLAN
3. Create authorization policy and use that newly created authorization profile on Authorization Policy/Results.
Let me know if you need further details.
And by the way, if your focus is more on ISE, you can post the question under Security/ISE on this community. :)
Cheers,
Raffy
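
To check that the authorization profile from the steps above actually returns a VLAN override, the following added example (not part of any post in this thread) parses a RADIUS Access-Accept and looks for the three standard attributes used for VLAN assignment (RFC 3580): Tunnel-Type = VLAN (13), Tunnel-Medium-Type = 802 (6) and Tunnel-Private-Group-ID. The sample packets, the VLAN value "120" and all function names are constructed for illustration.

```python
import struct

# RADIUS tunnel attributes (RFC 2868) used for VLAN assignment (RFC 3580)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def parse_attributes(data):
    """Split a RADIUS attribute block into (type, value-bytes) pairs."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError(f"bad length in attribute {atype}")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs

def vlan_from_access_accept(packet):
    """Return the assigned VLAN string, or None if the override set is incomplete."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    tunnel_type = medium = vlan = None
    for atype, value in parse_attributes(packet[20:]):
        if atype == TUNNEL_TYPE and len(value) == 4:
            tunnel_type = int.from_bytes(value[1:], "big")  # skip 1-byte tag
        elif atype == TUNNEL_MEDIUM_TYPE and len(value) == 4:
            medium = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # The first byte is a tag only when it is <= 0x1F
            vlan = (value[1:] if value[0] <= 0x1F else value).decode("ascii")
    return vlan if tunnel_type == VLAN and medium == IEEE_802 and vlan else None

def build_accept(attrs):
    """Constructed sample packet; the authenticator is zeroed, not a real one."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a complete override, and one missing Tunnel-Medium-Type
SAMPLE_OK = build_accept([(64, b"\x01\x00\x00\x0d"), (65, b"\x01\x00\x00\x06"),
                          (81, b"\x01120")])
SAMPLE_MISSING = build_accept([(64, b"\x01\x00\x00\x0d"), (81, b"120")])

if __name__ == "__main__":
    print(vlan_from_access_accept(SAMPLE_OK), vlan_from_access_accept(SAMPLE_MISSING))
```

For the returned VLAN to take effect, the WLAN on the WLC also needs "Allow AAA Override" enabled; otherwise clients stay on the interface mapped to the WLAN.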