Add the controller to the AAA server – Cisco ISE running 2.4
Add the WLC’s IP address to ISE along with the RADIUS key
Create an 802.1X WLAN
Verify that the SSID is being broadcast over the air and that it can be seen by the client device.
Create 802.1X authentication policy/condition on ISE
Time to test the client
Now a look at the packet capture taken by Cisco ISE:
The first user (fin) failed authentication because he is NOT a member of the wireless engineers group. Remember that the authentication policy is as follows: IF the user is a member of the wireless engineers group AND the authentication is EAP-TLS, permit access, ELSE fail authentication.
Cisco ISE RADIUS logs
Wireshark:
Access request
Access challenge
Finally, a failure: the user fin1 is rejected because his request does NOT match the policy requirements:
Successful authentication for my request as I am a member of the defined group
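To read the same exchange without Wireshark, the following added example (not part of the original post) decodes the RADIUS code, the User-Name attribute and the EAP payload carried in EAP-Message, per RFC 2865 and RFC 3579. The three packets are constructed samples with a zeroed authenticator, the helper names are hypothetical, and the Message-Authenticator attribute is not verified.

```python
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP"}

def parse_radius(packet: bytes) -> dict:
    """Decode the 20-byte RADIUS header, then walk the type/length/value attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    user, eap, pos = None, b"", 20          # attributes start after the authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + a_len]
        if a_type == 1:                     # User-Name
            user = value.decode("utf-8", "replace")
        elif a_type == 79:                  # EAP-Message; large EAP packets span several
            eap += value
        pos += a_len
    out = {"code": RADIUS_CODES.get(code, str(code)), "id": ident, "user": user, "eap": None, "eap_type": None}
    if len(eap) >= 4:
        out["eap"] = EAP_CODES.get(eap[0], str(eap[0]))
        if eap[0] in (1, 2) and len(eap) >= 5:   # only Request/Response carry a type byte
            out["eap_type"] = EAP_TYPES.get(eap[4], str(eap[4]))
    return out

def radius(code: int, ident: int, attrs: list) -> bytes:
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def eap_pkt(code: int, ident: int, eap_type=None, data: bytes = b"") -> bytes:
    payload = bytes([eap_type]) + data if eap_type is not None else b""
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

# Constructed samples mirroring the capture: identity, EAP-TLS start (S flag 0x20), reject.
ACCESS_REQUEST = radius(1, 10, [(1, b"fin1"), (79, eap_pkt(2, 1, 1, b"fin1"))])
ACCESS_CHALLENGE = radius(11, 10, [(79, eap_pkt(1, 2, 13, b"\x20"))])
ACCESS_REJECT = radius(3, 11, [(79, eap_pkt(4, 2))])

if __name__ == "__main__":
    for pkt in (ACCESS_REQUEST, ACCESS_CHALLENGE, ACCESS_REJECT):
        print(parse_radius(pkt))
```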
fclarke client association on the controller
Iperf test