11-02-2017 06:24 AM
Hi ISE community,
One of our customers has the following scenario:
Now the customer asked to differentiate Guest traffic based on VLAN (all users authenticated on CWA portal with guest credentials).
I have done some tests, but basically the problem is that the endpoint does not recognize that the VLAN has changed and the IP is not being refreshed by the client.
Does anyone have any suggestions on how to achieve that?
The objective is to have something that could differentiate guest traffic, like another VLAN for guest traffic, another network, etc. I have tried to see if SGT could be an option, but basically the target device (web proxy) does not recognize the TrustSec tag.
Do you think that assigning the same network on different VLANs using VRFs could be an option?
Thanks.
M
11-02-2017 07:14 AM
Existing discussions in the community on the same:
https://communities.cisco.com/thread/81859
https://communities.cisco.com/thread/78818?start=0&tstart=0
11-02-2017 06:46 AM
Hi, yes, you can use different VRFs. As you know, I am sure you can have a different VRF for management, another for DATA, another for VOICE; in my deployment I have them and a guest VLAN. But I have only wireless guests, not wired, nvm. I think you can create a new one under Authorization Profiles > New Authorization Profile and tag the VLAN you want for guest.
After that, just add this profile to the authorization rule.
You can test this too
11-02-2017 06:50 AM
Thank you, ognyan, for your feedback, I appreciate it.
I would like to stay away from VLAN DHCP Release option because we don't know if the Guest clients have ActiveX or Java support. Please let me know.
Thanks again for your answer!