I am new to ACS 5.2. I am setting up a wireless network and want to write a policy where desktops will go in a specific VLAN and laptops would go in a specific VLAN. I am reading documentation on ACS 5.2 and it does talk about device type. Can anyone point me in the right direction on how to use this attribute to authenticate based on device type (desktop or laptop)?
First off, you will need to do 802.1X on both your wired and wireless (I'm going to assume you know how to do this). Then I would define your NDGs (network device groups), which state switches, routers, wireless. This will help in defining your policies under Access Policies | Default Network | Access. To specify the VLAN you want to place the device on, you would configure Authorization Profiles. This is located in the Policy Elements | Authorization Profiles | Network Access. You will need to create a new Authorization Profile, enter a name and description, click on Common Task, define your VLAN as Static, and enter the VLAN under the value.
Then in your Access Policy, you would add the Policy Element you just created. I also specified what devices this policy should be applied to (NDG). See below:
You would need ISE for that. With ACS you can differentiate between wired and wireless. Now for a laptop on your domain, you can use machine authentication and the policy would point to an AD computer group. The PDAs would authenticate using PEAP, and that is one way of forcing a VLAN change.
I didn't realize you were a master at 5.2... I may need to hit you up on some questions!
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin