07-03-2019 09:03 AM - last edited on 07-03-2019 07:28 PM by hslai
ISE CWA with Flex Connect local switching.
With this configuration does the client start off in one VLAN and then get switched to the local VLAN on the AP? I expect AAA override and CoA would be part of this? How does the client handle the re-dhcp - I expect there could be issues with some clients trying to switch their IP/VLAN.
Is it possible to NOT have the client switch VLANs, maybe the client could pull an IP locally and then once the AUP or credentials are entered the ACL would be removed allowing them to switch data locally on the AP.
Solved! Go to Solution.
07-03-2019 07:37 PM - edited 07-03-2019 07:38 PM
No, this does not require VLAN change. In fact, we do not recommend VLAN changes for CWA.
ExpandBranch Office Wireless LAN Design - BRKEWN-2016 has some details in Slides 76 ~ 86 on BYOD, which works similarly to CWA, in terms of configurations in WLC.
Also see Central Web Authentication with FlexConnect APs on a WLC with ISE Configuration Example - Cisco
07-03-2019 07:37 PM - edited 07-03-2019 07:38 PM
No, this does not require VLAN change. In fact, we do not recommend VLAN changes for CWA.
ExpandBranch Office Wireless LAN Design - BRKEWN-2016 has some details in Slides 76 ~ 86 on BYOD, which works similarly to CWA, in terms of configurations in WLC.
Also see Central Web Authentication with FlexConnect APs on a WLC with ISE Configuration Example - Cisco
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide