We are also evaluating/deploying ISE, since ISE is not in the pathway of client traffic from a wireless lan controller, how do we do dhcpspan, do we disable dhcp proxy on the controller, add helper address on the nearest router and include the ISE address in the helper address list?
For example: if interface vlan 100 is where clients on a particular ssid are placed after validation:
You are on the right path, however the latest WLC code 7.2.110 has the dhcp profiling built in so it sends some of that information in the radius packet. Also 7.3 adds the http profiling features and is configurable in the advanced submenu in the security section where you enable AAA override and Radius NAC.
I am deploying ISE for the first time, I have around 100 sites ( I only use ISE+WLC 7.3, NO WIRED).
It's good to forward all dhcp request to ISE with IP-HELPERS before deploying.
This is what I did with one of my sites and I had no problem when they switched over as 90% of devices were already profiles using dhcp probe
Hope to help.
P.s note that WLC 7.3 does send first http packet to ISE but only if you opened up safari first after authentication, if you opened any other application that uses http protocol it will send weird strings to ise, ie VIBER and so on.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...