09-16-2013 06:12 AM - edited 03-12-2019 05:42 PM
Hi,
I am running ISE 1.2 and WLC 7.5.102.
I would really like to have one SSID that can do a few different things in the following order...
1) A device could connect, hit the MAB rule, and be granted access without any type of authentication (Other than MAB) and be placed in VLAN x.
2) A device would be checked for the appropriate certificate. If this cert exists, the device is granted access.
3) If a device is not allowed in MAB, it will hit the next rule, which is the dot1x rule. The user will then be authenticated against the AD server.
4) Everything else hits default rule and is sent to web-auth portal.
I can't really think of a way to make this work with one SSID because from what I understand, you would need dot1x disabled on the SSID in order for MAB to work.
Any suggestions?
Thanks.
Solved! Go to Solution.
09-17-2013 11:52 AM
two ssid's. no way around it
09-17-2013 11:52 AM
two ssid's. no way around it
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide