Solved: FlexConnect Clients showing as wired and wireless in Cisco ISE

Chris Terry · ‎12-05-2023

We're using Cisco ISE version 3.2 patch 4. Cisco 5520 WLC version 8.10.183.0.

I implemented FlexConnect. I'm seeing clients show up Wired and Wireless clients in Cisco ISE. The Wireless authentications show the WLC as the Network Device, NAS port type as 802.11, and use dot1x authentication. The wired authentications show the Switch the AP is connected to as the Network Device, NAS port type as ethernet, and use MAB authentication.

Is there a way to prevent the wireless clients from authenticating via the switch and wired MAB?

MHM Cisco World · ‎12-05-2023

No need anything except remove 802.1x from port connect to AP.

Why you need two l2 secuirty in your network.

MHM

View solution in original post

ammahend · ‎12-05-2023

if you asking to prevent wireless devices from connecting to wired jacks, then yes use port security, don't think you can do any other way or if the devices are managed through some central control like mdm then something at device level can done.

-hope this helps-

MHM Cisco World · ‎12-05-2023

No need anything except remove 802.1x from port connect to AP.

Why you need two l2 secuirty in your network.

MHM

ammahend · ‎12-05-2023

how would that stop a laptop on wireless to hook into a wall jack ?

-hope this helps-

MHM Cisco World · ‎12-05-2023

@ammahend wrote:

how would that stop a laptop on wireless to hook into a wall jack ?

Only the port connect to AP disable 802.1x other sw port he can use it.

ammahend · ‎12-05-2023

actually i should have asked you this before, it is the same mac address you are seeing as wired and wireless client on ISE ?

-hope this helps-

Chris Terry · ‎01-16-2024

Sorry for the late reply. Yes I am seeing the same MAC for the wired and wireless authentications. I removed the 802.1x config on the port and the clients are showing correctly now. They're authing via the WLC