Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
3
Helpful
2
Replies

With WLC Foreign and WLC Anchor the ISE Authorization daesn' t work.

ifabrizio
Level 3
Level 3

‎06-06-2023 06:32 AM

I configured a test environment composed of a WLC (8.2) connected to the internal network, where the Cisco ISE 3.0 is also connected.

Via Mobility tunnel the internal WLC is connected to a WLC Anchor (8.8) located in the DMZ behind a firewall.


There is also a DHCP Server Connected to a Firewall dedicated interface the (Grey box in the layout)

Follow the basic  network layout:

ifabrizio_1-1686058173314.png

How I can configure both WLC to work correctly after the ISE authorization phase?

I have found an example that works I have test it, but there is only one WLC, follow the link:

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99121-vlan-acs-ad-config.html

 

Do you any suggestion?

 

Best regards,

JF.

Labels:
0 Helpful
2 Replies 2

pieterh
VIP
VIP

‎06-08-2023 04:58 AM - edited ‎06-08-2023 04:58 AM

this should not be very different with an anchor controller
if I recall correctly 
there are two tunnels involved
-  CAPWAP/LWAPP from access point to the foreign controller
    the foreign controller does the authentication with ISE
-  EOIP tunnel from foreign to anchor
    the anchor controller drops the packets onto the network
so authentication is the same, but the acl's and vlan assignment is done by the anchor

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card