Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
0
Helpful
1
Replies

Client Authentication/Authorization via ISE & AD, Posture Registry Key, and mapped to specific DHCP scope by AD membership

olavarr69
Level 1
Level 1

‎03-05-2014 05:54 PM - edited ‎03-10-2019 09:29 PM

Hi Team,

I'm currently working on a configuration entailing WLC and ISE where the customer wants a single SSID,and wants his wireless clients to authenticate successfully if they pass a registry key compliance.  Additionally, they want clients to received a different IP address or get mapped to a different DHCP scope based on the Microsoft AD group they belong too. for example:

Client authenticating with registry key and in AD group ABC that passes authentication gets IP address or subnet for AD group ABC.

Client authenticating with registry key and in AD group XXX that passes authentication gets IP address or subnet for AD group XXX.

Clients---->WLC------>ISE-----> MS AD ( groups ABC, XXXX, YYY )

currently using EAP-PEAP/MSCHAPv2

Does anyone have any idea or pointers or can refer me somewhere that I can read on how to accomplish this?  Not sure on how to do the registry compliance check nor what attributes will allow me to map the client to a DHCP Scope based on this AD group membership? 

Thanks...

Labels:
0 Helpful
1 Reply 1

kaaftab
Level 4
Level 4

‎03-12-2014 05:42 AM

Do check cisco how to guides you will get step by step configuration of the current requirement
 

0 Helpful
Customers Also Viewed These Support Documents