Procedure 6 - Validate The WLC Or Switch Configuration

Step 1
Check that the Cisco Wireless LAN Controller (WLC) configuration or the switch OS platform and/or version is supported by the TrustSec version you are implementing.

Step 2
For the NAD to be able to authorize, it needs to have following entry in the configuration:
  • aaa authorization network radius
Step 3
For the dynamic VLAN (dVLAN), run the following from exec mode to check that the WLC or the switch VLAN database includes the VLAN that the ISE is trying to assign:
  • show vlan
Step 4
For dACL, validate that the ISE ACL syntax is correct by going to Policy > Policy Elements > Results > Authorization > Downloadable ACLs.

Step 5
For Catalyst switches, you can verify the configuration using the ISE Evaluate Configuration Validator tool. Go to Operations > Troubleshooting > Diagnostic Tools > General Tools.