dynamic vlan assignment with ISE and AD
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2019 05:11 AM
Hi dear friend
we want to use authenticate WiFi users with Cisco ISE, Also we want to assign vlan to users after authentication by cisco ISE, as note, ISE server is integrated with Micorosft AD for authentication, when a user see credential pop-up, send its credential to ISE, ISE check it with AD and assign a group/vlan to this user
this procedure doesnt work accurately on ZD 1200.
if u can, help me please
regards
Reza
we want to use authenticate WiFi users with Cisco ISE, Also we want to assign vlan to users after authentication by cisco ISE, as note, ISE server is integrated with Micorosft AD for authentication, when a user see credential pop-up, send its credential to ISE, ISE check it with AD and assign a group/vlan to this user
this procedure doesnt work accurately on ZD 1200.
if u can, help me please
regards
Reza
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-27-2019 11:00 PM
Hi,
I don't have any documentation for this. but i can tel you what we have done.
Basically you need a AD groups and NPS ( you can use the same AD server but recommended separate server for this)
Once your done with the NPS installation you can create network policies to assign vlan ID. this can be based on user groups.
To assign the vlan ID you need to user the following radius attributes.
Tunnel-Type = vlan
Tunnel-Assignment-ID = vlan ID
Tunnel-Medium-Type = 802.1x
Tunnel-Pvt-Group-ID = vlan ID
* This is total Microsoft NPS solution no ISE involvement. but i hope Cisco ISE has more options and better answer for your requirement.
I don't have any documentation for this. but i can tel you what we have done.
Basically you need a AD groups and NPS ( you can use the same AD server but recommended separate server for this)
Once your done with the NPS installation you can create network policies to assign vlan ID. this can be based on user groups.
To assign the vlan ID you need to user the following radius attributes.
Tunnel-Type = vlan
Tunnel-Assignment-ID = vlan ID
Tunnel-Medium-Type = 802.1x
Tunnel-Pvt-Group-ID = vlan ID
* This is total Microsoft NPS solution no ISE involvement. but i hope Cisco ISE has more options and better answer for your requirement.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-28-2019 02:28 PM

