10-31-2014 08:23 AM - edited 07-05-2021 01:51 AM
Hello Everyone
I have an ISE with an AD integration, i am trying to limit the access to the wireless users, i only added one OU "wireless users", but all the users can access to the wireless network, i just want to allow the access to the users in that OU, and block the access to the other users not included in that OU.
Other thing, i am not able to see the attributes from the directory, is this an issue with the AD?.
Regards
Israel
10-31-2014 05:59 PM
Refer
"Configuring Active Directory User Attributes" and "Configuring Group Policies in Active Directory" from
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html
11-03-2014 09:29 AM
I have been trying to limit the users using the OU, but i still having issues, for example i have the ou wireless, user: test1 and other user in a different OU, both users authenticated in the wireless 802.1.x, and i defined in the authorization compound the distinguishedname the ou wireless.
Do you know if there something missing in the ISE?
Regards
Israel
11-04-2014 06:58 AM
Just to add some information, I added the AD in the external identity sources, and i can see the OUs in the groups, i choosed the ou wireless.
Then i created an authorization compound conditions
Radius Service type: Frame
Radius Nas Port: Wireless -802.1x
and the network access equals domain/users/wireless.
I applied this in my authorization policy.
But it still does not work.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: