cancel
Showing results for 
Search instead for 
Did you mean: 

dynamic vlan assignment with ISE and AD

reza_mira_awqh9
New Contributor II
Hi dear friend
we want to use authenticate WiFi users with Cisco ISE, Also we want to assign vlan to users after authentication by cisco ISE, as note, ISE server is integrated with Micorosft AD for authentication, when a user see credential pop-up, send its credential to ISE, ISE check it with AD and assign a group/vlan to this user
this procedure doesnt work accurately on ZD 1200.
if u can, help me please

regards
Reza
6 REPLIES 6

Hi,

I don't have any documentation for this. but i can tel you what we have done. 
Basically you need a AD groups and NPS ( you can use the same AD server but recommended separate server for this)

Once your done with the NPS installation you can create network policies to assign vlan ID. this can be based on user groups.

To assign the vlan ID you need to user the following radius attributes.
Tunnel-Type = vlan
Tunnel-Assignment-ID = vlan ID 
Tunnel-Medium-Type = 802.1x
Tunnel-Pvt-Group-ID = vlan ID

 * This is total Microsoft NPS solution no ISE involvement. but i hope Cisco ISE has more options and better answer for your requirement.



KBA-2109: Configuring AD and NPS Radius Server

https://support.ruckuswireless.com/articles/000002109