Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4785
Views
0
Helpful
1
Replies

ISE Guest Access with Flex connect APs

Go to solution
Corey Schultz
Cisco Employee
Cisco Employee

‎02-14-2017 11:31 AM

I am working on a design where the end user has there APs in Flex Connect mode. Corporate users access one SSID that drops them on the corp vlan and Guest users access another SSID which drops them on the guest vlan. There are many remote sites each with there own internet connection and in many cases there is no local WLC. The WLC talks to the APs over the corporate Network. There is no connectivity between the guest network and the Corporate network - Completely segmented. Is it possible to use ISE Guest functionality in this scenario - The hope is that the ISE PSN could sit centralized on a corporate DMZ and be internet accessible to the guest portal. The Guest Users would have an inital ACL that provided access to  the basic protocols and include the internet accessible PSN. Once authenticated on the PSN the ACL would then be changed to allow full internet access. I am wondering if there are issues or potential problems with this config. Also open to other/better ways of handling this issue.


Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions
1 Reply 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents