
! Selects the configuration node that the commands below are applied to.
! <DESIRED FOLDER LEVEL> is a placeholder; replace it with the real node name.
! NOTE(review): everything beneath the chosen node presumably inherits this
! config, so pick the narrowest node that covers the intended controllers.
cd /md/01_<DESIRED FOLDER LEVEL>
1. Define the RFC-3576 (RADIUS dynamic authorization / CoA) server
! Registers 10.0.77.37 as an RFC 3576 (dynamic authorization) server, i.e. the
! host whose disconnect / change-of-authorization requests are accepted.
! NOTE(review): the shared key appears in clear text on this page. Treat it as
! a sample value: use a site-specific secret that matches the network-device
! entry on the RADIUS side, and rotate it if this string was ever in production.
aaa rfc-3576-server "10.0.77.37"
key 5kadkakekrktttk@44k4kfdee705f5163fa2e%%%@#4
!
2. Define the AAA SERVER
! Defines the RADIUS authentication server entry and points it at 10.0.77.37,
! the same address used for the RFC 3576 server entry on this page.
! Called-Station-Id is sent as a MAC address with the SSID included, using a
! colon delimiter; presumably this lets the RADIUS policy match on SSID.
! NOTE(review): the key is shown in clear text and is identical to the RFC 3576
! key. Substitute your own secret here and do not reuse the published value.
aaa authentication-server radius "DMZPSN2.NETPROJEKRALAC.COM"
host "10.0.77.37"
key 5kadkakekrktttk@44k4kfdee705f5163fa2e%%%@#4
called-station-id type macaddr include-ssid enable delimiter colon
!
3. DEFINE THE AAA SERVER GROUP
! Creates the server group that the AAA profile references for 802.1X
! authentication and RADIUS accounting.
! NOTE(review): only one server is listed (position 1). With no second entry
! there is no fallback if 10.0.77.37 is unreachable; confirm that is intended.
aaa server-group "DMZPSN2-PRI-SVGRP"
auth-server DMZPSN2.NETPROJEKRALAC.COM position 1
!
4. Define the POST AUTHENTICATION USER ROLE
! Defines the role intended for clients after successful 802.1X authentication.
! It applies three session ACLs: ra-guard, allowall and v6-allowall. None of
! them is defined on this page, so they are presumably predefined ACLs.
! NOTE(review): the AAA profile on this page does not reference this role. It
! is presumably returned by the RADIUS authorization profile; confirm.
! NOTE(review): judging by the ACL names, this role places no restriction on
! IPv4/IPv6 traffic. If authenticated clients should be limited, replace the
! allowall entries with ACLs scoped to what those clients need.
user-role ISE-DOT1X-AUTHENTICATED
access-list session ra-guard
access-list session allowall
access-list session v6-allowall
!
5. Define the AAA DOT1X
! Defines the 802.1X authentication profile referenced by the AAA profile.
! Sets max-requests to 2 and three WPA/WPA2 key timers. The units of the timer
! values are not stated on this page; check the platform's command reference.
aaa authentication dot1x "AAA-DOT1X-AUTH"
max-requests 2
timer wpa-key-period 3000
timer wpa2-key-delay 100
timer wpa-groupkey-delay 100
!
6. Define the AAA PROFILE
! Ties the pieces together: 802.1X profile, server group for authentication and
! accounting (with interim accounting), and the RFC 3576 server for CoA.
! NOTE(review): both initial-role and dot1x-default-role are "guest", which is
! not defined on this page. Clients presumably keep that role before
! authentication and whenever the RADIUS server returns no role, so review
! what "guest" permits; a restrictive role is the safer fallback.
! enforce-dhcp presumably requires clients to obtain their address via DHCP
! before traffic is allowed; confirm against the command reference.
aaa profile "780_AAA_PROFILE"
initial-role guest
authentication-dot1x "AAA-DOT1X-AUTH"
dot1x-default-role guest
dot1x-server-group "DMZPSN2-PRI-SVGRP"
radius-accounting "DMZPSN2-PRI-SVGRP"
radius-interim-accounting
rfc-3576-server "10.0.77.37"
enforce-dhcp
!
7. Define the SSID PROFILE
! SSID profile for ESSID "780-TLS" using opmode wpa2-aes (WPA2 with AES; paired
! with the 802.1X profile via the AAA profile rather than a pre-shared key).
! The rate lines restrict basic/transmit/beacon/multicast rates to 12 Mbps and
! above; the wmm-*-dscp lines set the DSCP value per WMM access category.
! NOTE(review): advertise-ap-name and advertise-location presumably add the AP
! name and location to frames visible to anyone in radio range. Keep them only
! if needed, since they expose internal naming to unauthenticated listeners.
wlan ssid-profile "780-TLS_SSID_PROFILE"
essid "780-TLS"
opmode wpa2-aes
a-basic-rates 12 24
a-tx-rates 12 18 24 36 48 54
g-basic-rates 24
g-tx-rates 12 18 24 36 48 54
wmm
wmm-vo-dscp "48"
wmm-vi-dscp "32"
wmm-be-dscp "0"
wmm-bk-dscp "8"
g-beacon-rate 24
a-beacon-rate 24
multicast-rate 24
qbss-load-enable
advertise-location
advertise-ap-name
!
8. Define the WLAN VIRTUAL AP (VAP)
! Virtual AP that binds the AAA profile and SSID profile together and places
! clients in VLAN 12.
! NOTE(review): VLAN 12 is the static assignment shown here. Whether the RADIUS
! server can override it per client is not visible on this page.
wlan virtual-ap "780-TLS"
aaa-profile "780_AAA_PROFILE"
vlan 12
ssid-profile "780-TLS_SSID_PROFILE"
!
9. Add the VAP to the AP GROUPS
! Attaches the "780-TLS" virtual AP to three AP groups so that APs in those
! groups broadcast the SSID. Any AP group not listed here is left unchanged.
ap-group BROOKLYN-RETAIL-2-AP-GROUP
virtual-ap "780-TLS"
!
ap-group EASTWLC001-RETAIL-2-AP-GROUP
virtual-ap "780-TLS"
!
ap-group NORTHWLC001-RETAIL-2-AP-GROUP
virtual-ap "780-TLS"
!
Cisco ISE Config
Authorization Profiles

Policy Set


Test client connectivity




Verify client session and auth on the Aruba WLC


Verify ip-flow-export data

Verify on NFSEN
