10-09-2018 01:49 AM - edited 07-05-2021 09:16 AM
As per this document, https://community.cisco.com/t5/security-documents/how-to-universal-wireless-controller-wlc-configuration-for-ise/ta-p/3631013
wlan aaa-override enable is mentioned as mandatory.
Can anyone mention the use of it & help with the attributes to be mentioned in ISE authorization profile.
Solved! Go to Solution.
10-09-2018 04:20 AM
Hi Ravi,
No its not mandatory.
it used only on when yu need to apply VLAN tagging, Quality of Service (QoS), and Access Control Lists (ACLs) to individual clients based on the returned RADIUS attributes from the AAA server.
Regards
Dont forget to rate helpful posts
10-09-2018 04:20 AM
Hi Ravi,
No its not mandatory.
it used only on when yu need to apply VLAN tagging, Quality of Service (QoS), and Access Control Lists (ACLs) to individual clients based on the returned RADIUS attributes from the AAA server.
Regards
Dont forget to rate helpful posts
10-09-2018 06:04 AM
Hi Sandeep,
I am in plan of performing Posture via ISE in future, Hence i have done below configuration on authorization attribute. But haven't enabled aaa over-ride at the WLAN and not applied the Airespace ACL on the access points. But i haven't faced any issue now on authentication. Is it ok to keep this config or i need to enable aaa over-ride and apply acls on Access points. Please help me to get the appropriate config.
Authorization Access Type : ACCESS_ACCEPT
Airespace ACL Name: WiFi-Access
10-09-2018 09:42 PM - edited 10-09-2018 09:43 PM
If you want to push ACL from ISE then yes you nedd to enable it otherwise "WiFi-Access" will not apply to clients.
Best would be to create a test SSID with AAA Override and check if Clients getting ACL from ISE or not!!!!
Regards
Dont forget to rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide