Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ISE profiling - Split Corporate/Guest access

Hello all,

I currently deploying a Cisco ISE for my wireless network and I would like to split my WLAN in two different "authorization profile" : Guest and Corporate.

For the moment, I use my active Directory to authenticate users and profiling to authorize device with the hostname. I would like to classify by domain name with DHCP probe but I can't because there is alway a DHCP message response with the domain name given by the DHCP server, do you have a solution to separate device with domain name or with other attributes ?

 

Thanks in advance for your answer!

1 ACCEPTED SOLUTION

Accepted Solutions

you can create different

you can create different authorization profile based on the identity group they belong to , therefore , make two profiles based on two Identity group ( guest/ corporate AD users ) and assign them different access. refer ISE 1.2 config guide.

2 REPLIES

you can create different

you can create different authorization profile based on the identity group they belong to , therefore , make two profiles based on two Identity group ( guest/ corporate AD users ) and assign them different access. refer ISE 1.2 config guide.

New Member

Thanks for your answer salodh

Thanks for your answer salodh,

I've already done two authorization profiles (Guest and corporate) based on rule using Active Directory and profiling condition but I would more profiling conditions (not only hostname) to split clearly corporate and guest devices.

63
Views
0
Helpful
2
Replies