Cisco Support Community

New Member

Cisco ISE VLAN assignment

Hi dears,

We want to configure some VLANs (VLAN 2 - accounting department, VLAN 3 - helpdesk, VLAN 4 - sales, VLAN 5 - security, VLAN 6 - engineer) for wireless users but use only one SSID, for example named Corporate. The WLC authenticates wireless users with Cisco ISE devices. ISE uses an external database, Active Directory (AD). When accounting department employees connect to the Corporate SSID, the WLC or ISE assigns them the appropriate VLAN. How do I configure this topology? Please provide me any documentation.

7 REPLIES
Cisco Employee

http://www.cisco.com/c/en/us

These docs include how to configure ISE and WLC to communicate with each other. These docs specify how to integrate AD with ISE and will help you with authorization rule configuration. http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-security/landing_DesignZone_TrustSec.html

Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration: http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/71683-dynamicvlan-config.html

Let me know if you need configuration steps.

It should work on Anchor as well, the client should take tagging and dhcp from it.

Please make rules in authorization like:

if ( wireless_802.1x) and ( Airspace Wlan ID EQUAL ssid_value ) AND (demoAD:ExternalGroups EQUALS demo.local/XXX/Groups/Staff) then staff_VLAN10

From the authorization results, you should have created one profile as staff_VLAN10 as below

Bronze

Hi Salodh,

Your answer above is really helpful. But I would like to ask how the single SSID with multiple VLANs is configured in the WLC. Would you have to create separate dynamic interfaces for each VLAN, create an interface group, then assign the SSID to the interface group, or would you use the management interface and the switch does the VLAN assignment based on the VLAN tag from the AAA override?

Cisco Employee

In most WLAN systems, each WLAN has a static policy that applies to all clients associated with a Service Set Identifier (SSID), or WLAN in the controller terminology. Although powerful, this method has limitations because it requires clients to associate with different SSIDs in order to inherit different QoS and security policies.

However, the Cisco WLAN solution supports identity networking. This allows the network to advertise a single SSID, but allows specific users to inherit different QoS or security policies based on the user credential.

Dynamic VLAN assignment is one such feature that places a wireless user into a specific VLAN based on the credentials supplied by the user. This task of assigning users to a specific VLAN is handled by a RADIUS authentication server, such as CiscoSecure ACS. This can be used, for example, to allow the wireless host to remain on the same VLAN as it moves within a campus network.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/71683-dynamicvlan-config.html
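
The identity-based VLAN assignment described above, combined with the AD-group authorization rule from the earlier reply, modelled as an added example that is not part of the thread and is not Cisco's code. The group names, WLAN ID and rule order are assumptions; the VLAN numbers come from the original question, and the three tunnel attributes are the standard RFC 3580 ones for VLAN assignment.

```python
# Added example (not from the thread): first-match authorization for dynamic
# VLAN assignment on one SSID. Group names and WLAN ID are constructed values;
# the VLAN numbers are the ones listed in the original question.
WLAN_ID = 1  # assumed WLAN ID of the single corporate SSID

# Ordered policy: (AD group, VLAN). Evaluated top-down, first match wins.
RULES = [
    ("example.local/Groups/Security", 5),
    ("example.local/Groups/Engineer", 6),
    ("example.local/Groups/Accounting", 2),
    ("example.local/Groups/Helpdesk", 3),
    ("example.local/Groups/Sales", 4),
]


def vlan_attributes(vlan):
    """RADIUS attributes (RFC 3580) that tell the WLC which VLAN to use."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"invalid VLAN id: {vlan}")
    return {
        "Tunnel-Type": 13,         # VLAN
        "Tunnel-Medium-Type": 6,   # IEEE 802
        "Tunnel-Private-Group-ID": str(vlan),
    }


def authorize(wlan_id, dot1x_ok, ad_groups):
    """Return (decision, attributes, matched_groups) for one wireless session."""
    if not dot1x_ok or wlan_id != WLAN_ID:
        return "Access-Reject", {}, []
    # Every rule the user satisfies, kept in policy order.
    matches = [(g, v) for g, v in RULES if g in ad_groups]
    if not matches:
        # Default rule: reject rather than fall back to the WLAN's own VLAN.
        return "Access-Reject", {}, []
    _, vlan = matches[0]
    return "Access-Accept", vlan_attributes(vlan), [g for g, _ in matches]
```

The third return value lists every rule the user satisfied, which is worth logging when a user belongs to more than one department group, since only rule order decided the VLAN.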

Bronze

Hi Monahak,

Thanks. I came across the link after my post. However, I know that dynamic vlan assignment was not supported in Anchor WLC setup. But do you know if it's now supported from WLC 7.6?

New Member

Hi,

Can you share the document here or how you did it?

Thanks
