ISE, Active directory and OUs

ISRAEL QUIRARTE · ‎10-31-2014

Hello Everyone

I have an ISE with an AD integration, i am trying to limit the access to the wireless users, i only added one OU "wireless users", but all the users can access to the wireless network, i just want to allow the access to the users in that OU, and block the access to the other users not included in that OU.

Other thing, i am not able to see the attributes from the directory, is this an issue with the AD?.

Regards

Israel

Saurav Lodh · ‎10-31-2014

Refer

"Configuring Active Directory User Attributes" and "Configuring Group Policies in Active Directory" from

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html

ISRAEL QUIRARTE · ‎11-03-2014

I have been trying to limit the users using the OU, but i still having issues, for example i have the ou wireless, user: test1 and other user in a different OU, both users authenticated in the wireless 802.1.x, and i defined in the authorization compound the distinguishedname the ou wireless.

Do you know if there something missing in the ISE?

Regards

Israel

ISRAEL QUIRARTE · ‎11-04-2014

Just to add some information, I added the AD in the external identity sources, and i can see the OUs in the groups, i choosed the ou wireless.

Then i created an authorization compound conditions

Radius Service type: Frame

Radius Nas Port: Wireless -802.1x

and the network access equals domain/users/wireless.

I applied this in my authorization policy.

But it still does not work.