Dynamic Vlan assignment and DACL

As part of the Authorisation Policy – Permissions or under Policy Elements – Results, you can create and assign downloadable ACL’s for the client and assign the client to a specified vlan. Just tick the Vlan box and enter the Vlan number. Pretty cool Cisco!

Of course as usual the switch/WLC will need to know about the Vlan and any DHCP reservations will need to be setup for the client to obtain an IP address.

Cisco ISE

Cisco ISE is an identity based network access control and profiling device. There are a lot of fields to get your head around when you first install Cisco ISE. The main components of Cisco ISE is the network profiling, authentication and authorisation policies. Authentication is mainly done through 802.1x or MAB. 

Something I found useful is understanding that within the Authorisation Policy there are 3 main fields; Name of the policy, Conditions and Permissions. Conditions can be created and found under Policy Elements. Permissions go by the name of Results under Policy Elements.