cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3799
Views
5
Helpful
1
Replies

Change VLAN for Guest

Mady
Level 4
Level 4

Hi,

 

I created wireless guest portal on ISE which redirects to guest VLAN once authenticated. I'm using Sponsored Guest Portal with VLAN DHCP Release Page settings. 

 

The policy is working but after guest input the username and password, portal shows that he needs to manually renew its IP address. So I disconnect to that SSID and reconnect again (re-connection does not ask for username and password again, it allow access).

 

My question is:

 

Is there a way to automatically change the VLAN of the guest after authentication without reconnecting to same SSID?

 

Thanks in advance!

 

- Mady

1 Accepted Solution

Accepted Solutions

Octavian Szolga
Level 4
Level 4

Hi Mady,
Unfortunately, there's no simple answer to this issue.

 

From user guide:

 

VLAN DHCP Release Page Settings for Guest Portals

The navigation path for this page is Work Centers > Guest Access > Portals & Components > Configure > Guest Portals > Create, Edit or Duplicate > Portal Behavior and Flow Settings > VLAN DHCP Release Page Settings.

  • Enable VLAN DHCP release—Refresh a guest's IP address for Windows and Mac OS devices after a VLAN change in both wired and wireless environments.

     

    This affects the Central WebAuth (CWA) flow during final authorization, when the network access changes the guest VLAN to a new VLAN. The guest’s old IP address must be released before the VLAN change, and a new guest IP address must be requested through DHCP when the guest connects to the new VLAN. The IP address release renew operation varies by the browser and operating system used; Internet Explorer uses ActiveX controls, and Firefox and Google Chrome use Java applets. For non-Internet Explorer browsers, Java must be installed and enabled on the browser.

     

    The VLAN DHCP Release option does not work on mobile devices. Instead, guests are requested to manually reset the IP address. This method varies by devices. For example, on Apple iOS devices, guests can select the Wi-Fi network and click the Renew Lease button.

 

 

What you could do is to provide a very short lease time to the first IP pool (the one used for initial authentication). When the endpoint tries to renew its IP, it would get an IP from the new VLAN/pool.

 

Thanks,

Octavian

View solution in original post

1 Reply 1

Octavian Szolga
Level 4
Level 4

Hi Mady,
Unfortunately, there's no simple answer to this issue.

 

From user guide:

 

VLAN DHCP Release Page Settings for Guest Portals

The navigation path for this page is Work Centers > Guest Access > Portals & Components > Configure > Guest Portals > Create, Edit or Duplicate > Portal Behavior and Flow Settings > VLAN DHCP Release Page Settings.

  • Enable VLAN DHCP release—Refresh a guest's IP address for Windows and Mac OS devices after a VLAN change in both wired and wireless environments.

     

    This affects the Central WebAuth (CWA) flow during final authorization, when the network access changes the guest VLAN to a new VLAN. The guest’s old IP address must be released before the VLAN change, and a new guest IP address must be requested through DHCP when the guest connects to the new VLAN. The IP address release renew operation varies by the browser and operating system used; Internet Explorer uses ActiveX controls, and Firefox and Google Chrome use Java applets. For non-Internet Explorer browsers, Java must be installed and enabled on the browser.

     

    The VLAN DHCP Release option does not work on mobile devices. Instead, guests are requested to manually reset the IP address. This method varies by devices. For example, on Apple iOS devices, guests can select the Wi-Fi network and click the Renew Lease button.

 

 

What you could do is to provide a very short lease time to the first IP pool (the one used for initial authentication). When the endpoint tries to renew its IP, it would get an IP from the new VLAN/pool.

 

Thanks,

Octavian