Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
5
Helpful
1
Replies

ISE/Wireless NAC...One SSID for MAB and Dot1X?

Go to solution
Josh Morris
Level 3
Level 3

‎09-16-2013 06:12 AM - edited ‎03-12-2019 05:42 PM

Hi,

I am running ISE 1.2 and WLC 7.5.102.

I would really like to have one SSID that can do a few different things in the following order...

1) A device could connect, hit the MAB rule, and be granted access without any type of authentication (Other than MAB) and be placed in VLAN x.

2) A device would be checked for the appropriate certificate. If this cert exists, the device is granted access.

3) If a device is not allowed in MAB, it will hit the next rule, which is the dot1x rule. The user will then be authenticated against the AD server.

4) Everything else hits default rule and is sent to web-auth portal.

I can't really think of a way to make this work with one SSID because from what I understand, you would need dot1x disabled on the SSID in order for MAB to work.

Any suggestions?
Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jan.nielsen
Level 7
Level 7

‎09-17-2013 11:52 AM

two ssid's. no way around it

View solution in original post

1 Reply 1

Go to solution
jan.nielsen
Level 7
Level 7

‎09-17-2013 11:52 AM

two ssid's. no way around it

Customers Also Viewed These Support Documents