Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Client Authentication/Authorization via ISE & AD, Posture Registry Key, and mapped to specific DHCP scope by AD membership

Hi Team,

I'm currently working on a configuration entailing WLC and ISE where the customer wants a single SSID,and wants his wireless clients to authenticate successfully if they pass a registry key compliance.  Additionally, they want clients to received a different IP address or get mapped to a different DHCP scope based on the Microsoft AD group they belong too. for example:

Client authenticating with registry key and in AD group ABC that passes authentication gets IP address or subnet for AD group ABC.

Client authenticating with registry key and in AD group XXX that passes authentication gets IP address or subnet for AD group XXX.

Clients---->WLC------>ISE-----> MS AD ( groups ABC, XXXX, YYY )

currently using EAP-PEAP/MSCHAPv2

Does anyone have any idea or pointers or can refer me somewhere that I can read on how to accomplish this?  Not sure on how to do the registry compliance check nor what attributes will allow me to map the client to a DHCP Scope based on this AD group membership? 

Thanks...

1 REPLY
Silver

Do check cisco how to guides

Do check cisco how to guides you will get step by step configuration of the current requirement
 

114
Views
0
Helpful
1
Replies
CreatePlease to create content