12-21-2018 02:21 AM - edited 07-05-2021 09:37 AM
Hello All,
While configuring dynamic VLAN assignment on WLC, is there any option like in wired 802.1X, that failed clients drop in a specified VLAN. Not able to find any such option in case of wireless? If we want to put failed authenticated clients in a specified VLAN.
Thanks in anticipation.
Adnan
12-21-2018 08:24 AM
I am not sure what you mean in the question.
If the SSID is set up for 802.1X authentication against a RADIUS server then you would just have a rule that says if the client does not match any known identity sources then place it in VLAN "X". This way the wireless client will pass authentication and be placed in the VLAN you specified.
If the RADIUS server does not have an identity source and you have told it to respond as a failed request then the WLC will see this as a failure and de-authenticate the client.
To answer your question: no, you cannot have the WLC respond purely on its own to a failed 802.1X request and place the client in a different VLAN; it has to come from the RADIUS server.
Regards
12-26-2018 04:41 AM - edited 12-26-2018 04:43 AM
12-28-2018 01:42 AM
Thanks ammahend.
Surely this seems to be the thing we were looking for. But what application is this? We are using MS NPS... Don't think NPS has this sort of option...
12-29-2018 01:19 PM - edited 12-29-2018 01:20 PM
It's Cisco's Identity Services Engine (ISE); you can learn more here. It is available as an OVA for free for 90 days for 100 devices, if you want to try.
https://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html