Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
1
Helpful
1
Replies

WLC 5508 8.2.170 and ISE 3.0 Authorization Issue.

ifabrizio
Level 1
Level 1

‎03-17-2023 01:00 AM

I configured in a test environment, a windows 10 client, which authenticates using EAP-TLS. Up to here everything works.

The problems arrived with the authorization phase, despite having configured the access list on the WLC, the ISE is unable to use it, even if in the authorization profile I checked the Airspace ACL name, specifying the name of the ACL created on the WLC.

Any suggestions?

Same details:

On the Ise the part of Autorization profile:

ifabrizio_0-1679038924413.png

The Ise live log about the authentication and authorization show that Ise choose the right policy:

 

ifabrizio_1-1679039207452.png

The strange thing is that in the results, the AV-Pairs and the ACL specified in the authorization profile are not indicated:

ifabrizio_2-1679039501798.png

On the WLC the ACL:

ifabrizio_3-1679039642180.png

There are two WLCs the foreign and an anchor, the WLAN is on both. It works fine but the ACL is not enforced.
I know the versions are old, and I have already planned the ISE upgrade, and the WLC foreign replacement, but for now I have to use it.

 

0 Helpful
1 Reply 1

Prince.O
Spotlight
Spotlight

‎03-29-2023 12:45 PM - edited ‎03-29-2023 12:45 PM

Not sure if you found a resolution to this but I see you have a number "1" set as the "ACL Name" . I would suggest trying to set an actual name and see if this sends the ACL value you want to send to the WLC. 

It may also be a bug on ISE 3.0 , 3.1 is the recommended. You can open a TAC case to investigate if you still see issues 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card