You need to use the Called

Knutsen2004 · ‎04-09-2015

Hi

Im setting up a Dot1X authentication using ISE 1.3 and 5760/3850 WLAN controllers. The problem is that im not able to match my authentication policy defined on ISE. It jumps directly to the default policy, im using Called Station id= SSID but it is not able to match this.

I have configured this before on WLC Air OS but not with converged access. Is there something that needs to be done on the 3850 wlc to send this info to ISE ?

Scott Fella · ‎04-09-2015

Since you are seeing hits to your default policy, then at least the communication is working between the two. I would use the called station id contains and try that. Also, I would make the policy very basic to start with and then start adding more rules to your policies to help determine what rules are not working.

-Scott

-Scott
*** Please rate helpful posts ***

Knutsen2004 · ‎04-09-2015

Yes i can see that everything is working, with certificate and other stuff..It is only that it is not matching the SSID.

I have tried different ways to do the SSID filtering:

NAS port ID Equals SSID,

Called Station ID Equals SSID

But noen of these works. Does anyone know if i have to do something different when doing this setup through converged access ?

Scott Fella · ‎04-09-2015

You need to use the Called Station ID, but set it to contains not equals, unless your using the proper regex.

-Scott

-Scott
*** Please rate helpful posts ***

Knutsen2004 · ‎04-10-2015

I got the authentication to work but i had to combine the Called Station ID with "and 802.1X Wireless Condition" to get a match on the rule.

ISE Auth Policy with Converged Access