This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
My customer has two ISE clusters. The first one is dedicated to wifi guest access while the second one is handling wired 802.1x for corporate users.
They would like to provide guest access to their wired users. They are thinking of using RADIUS proxy for that. The web portal would still be hosted on their "guest cluster" and "corporate wired users" would simply be redirected to that cluster.
I've done some research but I haven't seen any clear statement if that was supported or even supposed to work. Could someone confirm if this is supposed to work and provide some pointers?
An alternative would be to host the guest portal on the corporate cluster and use the "guest cluster" as an external database. This would avoid managing guest account at two different location but would require to duplicate the web portal, not ideal...
Solved! Go to Solution.
The two different deployments is simply due to administrative reason. They have one team managing wifi and another one for wired... There is no way we will manage to push a single deployment in their case!
What I was hoping to achieve with RADIUS proxy is to redirect wired guest users to the web portal hosted on the wifi cluster. That way, they would only have to maintain the portal in a single cluster. Since that doesn't seem to be possible, I'll propose the alternative.
Thanks for confirming, that's what I've already communicated to the customer.
I knew the sessionId could be the issue but I was not sure where it would be generated. I thought we could simply proxy the MAB request from the wired cluster to the guest cluster that would then generate a sessionId as well and return the corresponding redirect URL.