cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
328
Views
3
Helpful
2
Replies

With WLC Foreign and WLC Anchor the ISE Authorization daesn' t work.

ifabrizio
Level 3
Level 3

I configured a test environment composed of a WLC (8.2) connected to the internal network, where the Cisco ISE 3.0 is also connected.

Via Mobility tunnel the internal WLC is connected to a WLC Anchor (8.8) located in the DMZ behind a firewall.


There is also a DHCP Server Connected to a Firewall dedicated interface the (Grey box in the layout)

Follow the basic  network layout:

ifabrizio_1-1686058173314.png

How I can configure both WLC to work correctly after the ISE authorization phase?

I have found an example that works I have test it, but there is only one WLC, follow the link:

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99121-vlan-acs-ad-config.html

 

Do you any suggestion?

 

Best regards,

JF.

2 Replies 2

pieterh
VIP
VIP

this should not be very different with an anchor controller
if I recall correctly 
there are two tunnels involved
-  CAPWAP/LWAPP from access point to the foreign controller
    the foreign controller does the authentication with ISE
-  EOIP tunnel from foreign to anchor
    the anchor controller drops the packets onto the network
so authentication is the same, but the acl's and vlan assignment is done by the anchor

Review Cisco Networking for a $25 gift card