Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
5
Helpful
3
Replies

Is aaa-override is mandatory for ISE wireless authentication?

Go to solution
Sathiyanarayanan Ravindran
Spotlight
Spotlight

‎10-09-2018 01:49 AM - edited ‎07-05-2021 09:16 AM

As per this document, https://community.cisco.com/t5/security-documents/how-to-universal-wireless-controller-wlc-configuration-for-ise/ta-p/3631013 

 

wlan aaa-override enable is mentioned as mandatory.

 

Can anyone mention the use of it & help with the attributes to be mentioned in ISE authorization profile.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎10-09-2018 04:20 AM

Hi Ravi,

No its not mandatory.

it used only on when yu need to apply VLAN tagging, Quality of Service (QoS), and Access Control Lists (ACLs) to individual clients based on the returned RADIUS attributes from the AAA server.

 

Regards

Dont forget to rate helpful posts

View solution in original post

3 Replies 3

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎10-09-2018 04:20 AM

Hi Ravi,

No its not mandatory.

it used only on when yu need to apply VLAN tagging, Quality of Service (QoS), and Access Control Lists (ACLs) to individual clients based on the returned RADIUS attributes from the AAA server.

 

Regards

Dont forget to rate helpful posts

Go to solution
Sathiyanarayanan Ravindran
Spotlight
Spotlight
In response to Sandeep Choudhary

‎10-09-2018 06:04 AM

Hi Sandeep,

 

I am in plan of performing Posture via ISE in future, Hence i have done below configuration on authorization attribute. But haven't enabled aaa over-ride at the WLAN and not applied the Airespace ACL on the access points. But i haven't faced any issue now on authentication. Is it ok to keep this config or i need to enable aaa over-ride and apply acls on Access points. Please help me to get the appropriate config.

Authorization Access Type : ACCESS_ACCEPT

Airespace ACL Name: WiFi-Access

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Sathiyanarayanan Ravindran

‎10-09-2018 09:42 PM - edited ‎10-09-2018 09:43 PM

If you want to push ACL from ISE then yes you nedd to enable it otherwise  "WiFi-Access" will not apply to clients.

 

Best would be to create a test SSID with AAA Override and check if Clients getting ACL from ISE or not!!!!

 

Regards

Dont forget to rate helpful posts

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card