Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISE/Wireless NAC...One SSID for MAB and Dot1X?

Hi,

I am running ISE 1.2 and WLC 7.5.102.

I would really like to have one SSID that can do a few different things in the following order...

1) A device could connect, hit the MAB rule, and be granted access without any type of authentication (Other than MAB) and be placed in VLAN x.

2) A device would be checked for the appropriate certificate. If this cert exists, the device is granted access.

3) If a device is not allowed in MAB, it will hit the next rule, which is the dot1x rule. The user will then be authenticated against the AD server.

4) Everything else hits default rule and is sent to web-auth portal.

I can't really think of a way to make this work with one SSID because from what I understand, you would need dot1x disabled on the SSID in order for MAB to work.

Any suggestions?
Thanks.

  • AAA Identity and NAC
1 ACCEPTED SOLUTION

Accepted Solutions

ISE/Wireless NAC...One SSID for MAB and Dot1X?

two ssid's. no way around it

1 REPLY

ISE/Wireless NAC...One SSID for MAB and Dot1X?

two ssid's. no way around it

357
Views
5
Helpful
1
Replies
This widget could not be displayed.