Add the controller to the AAA server – Cisco ISE runing 2.4
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/01-ise-version.png)
Add the WLC’s IP address to ISE along with the Radius key
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/00-add-wlc-to-ISE-1024x496.png)
Create a 802.1X WLAN
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-1024x511.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-2-1024x520.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-3-1024x544.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-4-1024x544.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-5-1024x544.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-6-1024x544.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-7-1024x542.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-8-1024x544.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-9.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-10-1024x544.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-11-1024x535.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-done-1024x544.png)
Verify that the SSID is being broadcast over the air and that i can be seen by the client device.
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-show-essid-1024x130.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/02-add-wlan-start-client-see-ssid.png)
Create 802.1X authentication policy /condition on ISE
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/03-ISE-condition-1024x665.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/03-ISE-condition-2-1024x662.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/03-ISE-condition-3-1024x491.png)
Time to test the client
Now a look at the packet capture taken by Cisco ISE:
The first user (fin) failed authentication be cause he is NOT a member of the wireless engineers group. Remember that the authentication policy is as follows: If the user is a member of the wireless engineers group and the authentication is eap-tls permit access ELSE fail authentication
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/04-failed-0-1024x226.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/7.png)
Cisco ISE Radius logs
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/04-failed-2-fin-one-1024x409.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/04-failed-3-fin-one-1024x503.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/04-failed-4-fin-one-1024x545.png)
Wireshark:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/05-wireshark-1-1024x468.png)
Access request
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/05-wireshark-2-1024x544.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/05-wireshark-3-1024x544.png)
Access challenge
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/05-wireshark-4-1024x544.png)
Finally a failure as the user fin1 will be rejected because his request does NOT match the policy requirements:
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/05-wireshark-5-1024x544.png)
Successful authentication for my request as I am a member of the defined group
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/06-fclarke-passed-auth.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/8-1024x171.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/06-fclarke-passed-ise-3-1024x544.png)
fclarke client association on the controller
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/9-client-1024x365.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2019/12/9-client-2-1024x674.png)
Iperf test