Wireless client can't authenticate via RADIUS (ISE)

johnlloyd_13 · ‎09-03-2016

hi,

i tried setup WLC to talk to a RADIUS server (ISE) for wifi client authentication. i'm quite new to ISE so forgive me.

i added the IP and shared secret on both WLC and RADIUS server but wifi access on a SSID is being denied.

on the ISE logs, i hit the DenyAccess authorization profile. i tried to change this rule and also tried making a custom policy but can't seem to make it work.

attached are some screenshots. appreciate if someone can help me out.

Scott Fella · ‎09-03-2016

After you add the WLC as a AAA client, you then have to create a policy that permits the device/user depending on the authentication you are using.

You might want to look up some configuration examples, but this might help:

http://www.labminutes.com/sec0112_ise_12_wireless_8021x_authorization_flexconnect_1

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

johnlloyd_13 · ‎09-04-2016

hi scott,

i saw that video while doing my search but didn't bother to watch it.

i'll watch this time and try my setup again.

Scott Fella · ‎09-04-2016

Just follow the video and make sure you have everything defined properly in the controller. Then look and try to understand the ISE polices as that is where the issue is at. Depends also on what type of 802.1x you are using but it's easy to search for configuration examples for thoses.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***