I have a somewhat large deployment coming up with several WLC dynamic interfaces assigned to an interface group, replicated across for multiple sites. I understand that ISE can return the VLAN ID to the WLC to place the client in, but if I'm using interface groups, this seems to negate the usefulness of the interface group to load clients across multiple VLANs. Not only that, but with the number of dynamic interfaces (VLAN ID's), multiplied by the number of sites, would seem to be overwhelming on the ISE side policy configuration.
Is it possible for ISE to return an Interface name/group to the WLC instead of just a VLAN ID ?
Solved! Go to Solution.
Upgrade you WLC to 7.2 code:
Sent from Cisco Technical Support iPad App
I understand that WLC 7.2 code can now accept the interface group name as a AAA override, which is great, but it doesn't specify the AAA source (ISE vs. ACS).
This is the example I'm questioning: (they use the VLAN ID only, instead of an interface name)
Found the correct Attribute Under "Adv. Attribute Settings" in the Airspace Authorization Profiles (Airespace:Airespace-Interface-Name).
Did it work for you to only send the
Airespace:Airespace-Interface-Name from ISE to WLC ?
I use this for my setup and it is working perfectly.
ISE sets the client to the correct Interface (Name) in the Interface-Group