ISE Auth Policy with Converged Access

Knutsen2004
Level 1

Hi

I'm setting up a Dot1X authentication using ISE 1.3 and 5760/3850 WLAN controllers. The problem is that I'm not able to match my authentication policy defined on ISE. It jumps directly to the default policy. I'm using Called Station id= SSID but it is not able to match this.

I have configured this before on WLC Air OS but not with converged access. Is there something that needs to be done on the 3850 WLC to send this info to ISE?

4 Replies

Scott Fella
Hall of Fame

Since you are seeing hits to your default policy, then at least the communication is working between the two.  I would use the called station id contains and try that.  Also, I would make the policy very basic to start with and then start adding more rules to your policies to help determine what rules are not working.

-Scott

*** Please rate helpful posts ***

Yes, I can see that everything is working, with certificate and other stuff. It is only that it is not matching the SSID.

I have tried different ways to do the SSID filtering:

NAS port ID Equals SSID,

Called Station ID Equals SSID

But none of these work. Does anyone know if I have to do something different when doing this setup through converged access?

You need to use the Called Station ID, but set it to contains not equals, unless you're using the proper regex.

-Scott


I got the authentication to work but I had to combine the Called Station ID with "and 802.1X Wireless Condition" to get a match on the rule.
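An added illustration of the equals / contains / regex point discussed in this thread (not code from any poster and not ISE's policy engine). It assumes the controller sends Called-Station-Id in the RFC 3580 form of AP MAC, a colon, then the SSID; the MAC addresses and SSID names are constructed samples. It also shows that a plain "contains" matches any SSID that embeds the target name, which matters when the rule selects an authentication policy.

```python
import re

# Constructed Called-Station-Id values in the assumed "<AP MAC>:<SSID>" form.
SAMPLES = [
    "00-11-22-33-44-55:CorpWiFi",
    "00-11-22-33-44-55:CorpWiFi-Guest",
    "66-77-88-99-AA-BB:Lab",
]

# AP MAC with "-", ":" or "." separators (or none) between octets.
MAC = r"[0-9A-Fa-f]{2}(?:[-:.]?[0-9A-Fa-f]{2}){5}"


def equals(value: str, ssid: str) -> bool:
    """'Equals SSID': fails because the value also carries the AP MAC."""
    return value == ssid


def contains(value: str, ssid: str) -> bool:
    """'Contains SSID': matches, but also matches longer SSID names."""
    return ssid in value


def anchored(value: str, ssid: str) -> bool:
    """Regex form: the whole value must be '<MAC>:<exact SSID>'."""
    pattern = re.compile(rf"{MAC}:{re.escape(ssid)}")
    return pattern.fullmatch(value) is not None


def evaluate(ssid: str, samples=SAMPLES) -> dict:
    """Return the result of each operator for every sample value."""
    return {
        v: {
            "equals": equals(v, ssid),
            "contains": contains(v, ssid),
            "anchored": anchored(v, ssid),
        }
        for v in samples
    }


if __name__ == "__main__":
    for value, result in evaluate("CorpWiFi").items():
        print(f"{value:40} {result}")
```

Checking the value the controller actually sends in the ISE authentication details before writing the condition confirms whether this format assumption holds for a given deployment.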

 
